Key Information Vulnerability Overview Manufacturer Website: https://www.netgear.com/ Firmware Download URL: https://kb.netgear.com/23510/DGND3700v2-Firmware-Version-1-1-00-15-NA-Users Affected Versions DGND3700v2 V1.1.00.15_1.00.15NA Vulnerability Description The Netgear DGND3700v2 router (firmware V1.1.00.15_1.00.15NA) contains a backdoor authentication bypass vulnerability. By accessing the unauthenticated endpoint , the internal flag is set to , which disables HTTP basic authentication checks. As a result, attackers can bypass login and gain full access to the device's management interface without valid credentials. Vulnerability Details Netgear uses mini_http to handle HTTP requests; is responsible for processing all incoming HTTP requests and generating appropriate responses. After accessing the page, the flag is set to . The function is used for HTTP Basic Auth login verification. If is , authentication is skipped, allowing unauthorized users to access all features — indicating a backdoor. Code Snippets POC We recorded a GIF to demonstrate the existence of this backdoor vulnerability.