Netgear DGND3700 Authentication Bypass Vulnerability in Basic Authentication Component

A critical authentication bypass vulnerability has been identified in the Netgear DGND3700 router, specifically in version 1.1.00.15_1.00.15NA. This vulnerability resides in the Basic Authentication component, within the file /BRS_top.html. The issue allows remote attackers to bypass authentication requirements and gain unauthorized access to the device's management interface. Exploitation involves accessing an unauthenticated endpoint, which disables HTTP Basic Authentication checks, thereby granting full access without valid credentials.

Impact

Exploitation of this vulnerability allows for unauthorized access to the device management interface, bypassing authentication requirements and potentially leading to unauthorized changes in device settings or configurations.

Reproduction

To reproduce this vulnerability, access the endpoint /BRS_top.html on a Netgear DGND3700 router running the affected firmware version. This can be done without authentication, which will trigger the vulnerability by disabling the HTTP Basic Authentication checks. Once this flag is disabled, access the device management interface, which will be available without the need for valid credentials.

Remediation

It is recommended to implement firewall rules to block access to the vulnerable endpoint or to the device management interface altogether.