An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions.
This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 8.1, indicating it can be exploited remotely over the network but requires specific conditions to be met without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 26 products from netgear, from netgear, from netgear and 23 others, organizations running these solutions should prioritize assessment and patching.
First disclosed in 2017, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.
2017-01-17T09:59:00.333
2025-10-22T00:16:06.633
Deferred
CVSSv3.1: 8.1 (HIGH)
AV:N/AC:M/Au:N/C:P/I:N/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | netgear | r6200_firmware | 1.0.1.56_1.0.43 | Yes |
| Hardware | netgear | r6200 | - | No |
| Operating System | netgear | r6300_firmware | 1.0.2.78_1.0.58 | Yes |
| Hardware | netgear | r6300 | - | No |
| Operating System | netgear | vegn2610_firmware | 1.0.0.36 | Yes |
| Hardware | netgear | vegn2610 | - | No |
| Operating System | netgear | ac1450_firmware | 1.0.0.34_10.0.16 | Yes |
| Hardware | netgear | ac1450 | - | No |
| Operating System | netgear | wnr1000v3_firmware | 1.0.2.68_60.0.93 | Yes |
| Hardware | netgear | wnr1000v3 | - | No |
| Operating System | netgear | wndr3700v3_firmware | 1.0.0.40_1.0.32 | Yes |
| Hardware | netgear | wndr3700v3 | - | No |
| Operating System | netgear | wndr4000_firmware | 1.0.2.4_9.1.86 | Yes |
| Hardware | netgear | wndr4000 | - | No |
| Operating System | netgear | wndr4500_firmware | 1.0.1.44_1.0.73 | Yes |
| Hardware | netgear | wndr4500 | - | No |
| Operating System | netgear | d6400_firmware | 1.0.0.44 | Yes |
| Hardware | netgear | d6400 | - | No |
| Operating System | netgear | d6220_firmware | 1.0.0.12 | Yes |
| Hardware | netgear | d6220 | - | No |
| Operating System | netgear | d6300_firmware | 1.0.0.96 | Yes |
| Hardware | netgear | d6300 | - | No |
| Operating System | netgear | d6300b_firmware | 1.0.0.40 | Yes |
| Hardware | netgear | d6300b | - | No |
| Operating System | netgear | dgn2200bv4_firmware | 1.0.0.68 | Yes |
| Hardware | netgear | dgn2200bv4 | - | No |
SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For netgear's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.