CVE Tools
Sign in

CVE-2017-5521

Published: Jan 17, 2017Updated: Apr 21, 2026 Sources: CVE List NVD BDUNVD-CWE-noinfo
NVD MITRE
8.1CVSSHIGH
EPSS Score
89.3%
Top 0.2%
CISA KEV
Active Exploitation
Since Sep 8, 2022
Exploits
1 Known
Remediation
Patch Available
Am I actually vulnerable?1 Nuclei template available — see how to check your systems. How to verify

Description

An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions.

CVSS Vector Breakdown

AV:NAC:HPR:NUI:NS:UC:HI:HA:H
Exploitability
AV:NAttack Vector
Network
AC:HAttack Complexity
High
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:HConfidentiality
High
I:HIntegrity
High
A:HAvailability
High
Open in CVSS calculator →

Weaknesses

NVD-CWE-noinfo

Affected Products

r6200 firmwarenetgearNetworking Infrastructure
r6300 firmwarenetgearNetworking Infrastructure
vegn2610 firmwarenetgearNetworking Infrastructure
ac1450 firmwarenetgearNetworking Infrastructure
wnr1000v3 firmwarenetgearNetworking Infrastructure
netgearcommercialUSNetworking Infrastructureaka net gear
and 41 more affected products View all →

Exploitability

CISA Known Exploited Vulnerability
Added to KEV:Sep 8, 2022
Remediation due:Sep 29, 2022

Required action: Apply updates per vendor instructions. If the affected device has since entered end-of-life, it should be disconnected if still in use.

1 exploit source identified

Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.

View exploit details
Official Patch Available

References

http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability
kb.netgear.com
http://www.securityfocus.com/bid/95457
securityfocus.com
https://www.exploit-db.com/exploits/41205/
exploit-db.com
and 3 more references View all →

Timeline

Published
Jan 17, 2017
Added to CISA KEV
Sep 8, 2022
Last Updated
Apr 21, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2017-5521 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows