Home / Vulnerabilities / CVE-2017-5521
HIGH SEVERITY
CVE-2017-5521 NETGEAR · Multiple Devices

NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability

Technical Severity

CVSS v3.1 Metrics

HIGH
8.1 / 10
Minimal Risk Critical
Vector Specification
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation Likelihood

EPSS Prediction

93.80 %
Predictive Probability
Percentile Rank
99.9 th

Documented as more likely to be exploited than 99.9% of known CVEs.

Detection Date

Sep 08, 2022

Remediation Due

Sep 29, 2022

CISA Catalog Active

Threat Analysis

Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server.

Remediation Directive

Apply updates per vendor instructions. If the affected device has since entered end-of-life, it should be disconnected if still in use.

External Intelligence

https://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability

https://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability
NVD

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2017-5521