CVE-2017-5521 — NETGEAR Multiple Devices

NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability

Added to KEV

2022-09-08

Federal due date

2022-09-29

Vendor

NETGEAR

Product

Multiple Devices

EPSS

99.9th percentile (score 0.938, as of 2026-06-08)

NVD CVSS v3.1

—

Ransomware use

Unknown

Upstream

https://nvd.nist.gov/vuln/detail/CVE-2017-5521

CISA short description

Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server.

Required action

Apply updates per vendor instructions. If the affected device has since entered end-of-life, it should be disconnected if still in use.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.