CVE-2017-5521 [Exploited] | Netgear R6200 FIRMWARE

An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions.

EDB-ID	Source	Kind	Published	Link
41205	exploit_db	edb	2017-01-30	Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

41205

exploit_db

edb

2017-01-30

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-11-21	93.28%	93.80%	+0.52%
2	2025-11-18	93.80%	93.28%	-0.52%
3	2025-10-09	—	93.80%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-11-21

93.28%

93.80%

+0.52%

2025-11-18

93.80%

93.28%

-0.52%

2025-10-09

—

93.80%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
8.1	3.1	HIGH	`CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:H) Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:H) They could widely tamper with or forge data—trust in the data is badly hurt. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	2.2	5.9	[email protected]
8.1	3.1	HIGH	`CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:H) Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:H) They could widely tamper with or forge data—trust in the data is badly hurt. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	2.2	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0
4.3	2.0	MEDIUM	`AV:N/AC:M/Au:N/C:P/I:N/A:N` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:N) No availability impact.	8.6	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

8.1

3.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Click to expand

Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:H): Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
Integrity (I:H): They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

2.2

5.9

[email protected]

8.1

3.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Click to expand

Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:H): Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
Integrity (I:H): They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

2.2

5.9

134c704f-9b21-4f2e-91b3-4a467353bcc0

4.3

2.0

MEDIUM

AV:N/AC:M/Au:N/C:P/I:N/A:N Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:N): No availability impact.

8.6

2.9

[email protected]

Affected software / configurations for CVE-2017-5521

Vendor	Product	Version	Raw CPE
netgear	r6200_firmware	1.0.1.56_1.0.43	cpe:2.3:o:netgear:r6200_firmware:1.0.1.56_1.0.43:::::::*
netgear	r6300_firmware	1.0.2.78_1.0.58	cpe:2.3:o:netgear:r6300_firmware:1.0.2.78_1.0.58:::::::*
netgear	vegn2610_firmware	1.0.0.36	cpe:2.3:o:netgear:vegn2610_firmware:1.0.0.36:::::::*
netgear	ac1450_firmware	1.0.0.34_10.0.16	cpe:2.3:o:netgear:ac1450_firmware:1.0.0.34_10.0.16:::::::*
netgear	wnr1000v3_firmware	1.0.2.68_60.0.93	cpe:2.3:o:netgear:wnr1000v3_firmware:1.0.2.68_60.0.93:::::::*
netgear	wndr3700v3_firmware	1.0.0.40_1.0.32	cpe:2.3:o:netgear:wndr3700v3_firmware:1.0.0.40_1.0.32:::::::*
netgear	wndr4000_firmware	1.0.2.4_9.1.86	cpe:2.3:o:netgear:wndr4000_firmware:1.0.2.4_9.1.86:::::::*
netgear	wndr4500_firmware	1.0.1.44_1.0.73	cpe:2.3:o:netgear:wndr4500_firmware:1.0.1.44_1.0.73:::::::*
netgear	d6400_firmware	1.0.0.44	cpe:2.3:o:netgear:d6400_firmware:1.0.0.44:::::::*
netgear	d6220_firmware	1.0.0.12	cpe:2.3:o:netgear:d6220_firmware:1.0.0.12:::::::*
netgear	d6300_firmware	1.0.0.96	cpe:2.3:o:netgear:d6300_firmware:1.0.0.96:::::::*
netgear	d6300b_firmware	1.0.0.40	cpe:2.3:o:netgear:d6300b_firmware:1.0.0.40:::::::*
netgear	dgn2200bv4_firmware	1.0.0.68	cpe:2.3:o:netgear:dgn2200bv4_firmware:1.0.0.68:::::::*

References for CVE-2017-5521

URL	Tags
http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability	Vendor Advisory
http://www.securityfocus.com/bid/95457	Broken Link Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/41205/	Exploit Third Party Advisory VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5521	US Government Resource

URL

CVE-2017-5521

CISA KEV Record for CVE-2017-5521

Public exploit references (Exploit-DB) for CVE-2017-5521

Exploit prediction scoring system (EPSS) score for CVE-2017-5521

Common vulnerability scoring system (CVSS) metrics for CVE-2017-5521

Weakness enumeration for CVE-2017-5521

Affected software / configurations for CVE-2017-5521

References for CVE-2017-5521