CVE-2013-3317

CRITICAL

Netgear WNR1000v3 <1.0.2.60 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3317. PoCs published by Roberto Paleari.

AI-analyzed exploit summary: The exploit demonstrates an authentication bypass vulnerability in Netgear WNR1000v3 routers by accessing a configuration file via a URL containing '.jpg', which skips authentication. The configuration file is encrypted with a weak scheme, and the provided Python code decrypts it to reveal the admin password.

Description

Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key.

Exploits (1)

exploitdb WORKING POC
by Roberto Paleari · text · webapps · hardware
https://www.exploit-db.com/exploits/24916


Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Netgear WNR1000v3 firmware < 1.0.2.60
No auth needed
Prerequisites: Network access to the target device
devstral-2 · analyzed Feb 18, 2026

References (1)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/24916/

Scores

CVSS v3 9.8
EPSS 0.0023
EPSS Percentile 46.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-287
Status published
Products (1)
netgear/wnr1000_firmware < 1.0.2.60
Published Jan 29, 2020
Tracked Since Feb 18, 2026