EIP-2026-101860

PRE-CVE

Netgear DGN2200 / DGND3700 - Admin Password Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101860. PoCs published by Social Engineering Neo.

AI-analyzed exploit summary This script exploits an authentication bypass vulnerability in Netgear DGN2200 and DGND3700 routers by accessing the 'BSW_cxttongr.htm' page, which leaks the administrator password in clear text. The script uses curl to fetch the page and extracts the password using awk.

Description

Netgear DGN2200 / DGND3700 - Admin Password Disclosure

Exploits (1)

exploitdb WORKING POC

by Social Engineering Neo · bashwebappshardware

https://www.exploit-db.com/exploits/46764

View Code ZIP pw:eip

This script exploits an authentication bypass vulnerability in Netgear DGN2200 and DGND3700 routers by accessing the 'BSW_cxttongr.htm' page, which leaks the administrator password in clear text. The script uses curl to fetch the page and extracts the password using awk.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Netgear DGN2200 (firmware < 1.0.0.52) and DGND3700 (firmware < 1.0.0.28)

No auth needed

Prerequisites: Target device must be a vulnerable Netgear DGN2200 or DGND3700 router · The 'BSW_cxttongr.htm' page must be accessible

MITRE ATT&CK

T1592 - Gather Victim Host Information T1110 - Brute Force

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026