CVE-2019-17137

CRITICAL

NETGEAR AC1200 R6220 Firmware <1.1.0.86 - Auth Bypass

Title source: llm

Description

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings. By inserting a null byte into the path, the user can skip most authentication checks. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-8616.

Exploits (1)

nomisec WORKING POC

by vncloudsco · poc

https://github.com/vncloudsco/CVE-2019-17137

View Code ZIP pw:eip

References (1)

[Third Party Advisory, VDB Entry] https://www.zerodayinitiative.com/advisories/ZDI-19-866/

Scores

CVSS v3 9.4

EPSS 0.0042

EPSS Percentile 61.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Details

CWE

CWE-626

Status published

Products (1)

netgear/ac1200_r6220_firmware 1.1.0.86

Published Feb 10, 2020

Tracked Since Feb 18, 2026