Skip to content

Instantly share code, notes, and snippets.

View DMIND-NLL's full-sized avatar

DMIND DMIND-NLL

  • 19:40 (UTC +08:00)
View GitHub Profile
@DMIND-NLL
DMIND-NLL / CVE-2023-50677
Created March 9, 2024 07:20
CVE-2023-50677
[CVE ID]
CVE-2023-50677
[PRODUCT]
https://www.netgear.com
[VERSION]
NETGEAR-DGND4000 - before V1.1.00.15_1.00.15
[PROBLEM TYPE]
Incorrect Access Control
[DESCRIPTION]
The attacker gains access to the NETGEAR DGND4000's page and appends "/setup.cgi?next_file=passwordrecovered.htm&foo=currentsetting.htm" to the URL to obtain the administrator's username and password. They then use this account information to log in.