CVE-2017-5521

CISA description

Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server.

Required action

Apply updates per vendor instructions. If the affected device has since entered end-of-life, it should be disconnected if still in use.

Notes & references

• https://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability
• https://nvd.nist.gov/vuln/detail/CVE-2017-5521

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

• RA-5 · Vulnerability Monitoring and Scanning
• SI-2 · Flaw Remediation
• CM-6 · Configuration Settings
• SI-7 · Software, Firmware, and Information Integrity
• CM-8 · System Component Inventory

External lookups

• NVD · CVE-2017-5521
• CVE.org · CVE-2017-5521
• CISA KEV catalog (canonical)