CVE-2016-10174

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2016-10174
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability Vendor Advisory
http://seclists.org/fulldisclosure/2016/Dec/72 Exploit Mailing List Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/95867 Broken Link Third Party Advisory VDB Entry
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt Exploit Technical Description Third Party Advisory
https://www.exploit-db.com/exploits/40949/ Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/41719/ Exploit Third Party Advisory VDB Entry
http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability Vendor Advisory
http://seclists.org/fulldisclosure/2016/Dec/72 Exploit Mailing List Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/95867 Broken Link Third Party Advisory VDB Entry
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt Exploit Technical Description Third Party Advisory
https://www.exploit-db.com/exploits/40949/ Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/41719/ Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:d6100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netgear:d7000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netgear:d7800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netgear:jnr1010v2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:jnr1010v2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netgear:jnr3300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:jnr3300:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netgear:jwnr2010v5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:jwnr2010v5:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netgear:r2000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r2000:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netgear:r6100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netgear:r6220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:netgear:r7500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:netgear:r7500v2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7500v2:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:netgear:wndr3700v4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr3700v4:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:netgear:wndr3800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr3800:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:netgear:wndr4300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:netgear:wndr4300v2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr4300v2:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:netgear:wndr4500v3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr4500v3:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:netgear:wndr4700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr4700:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:netgear:wnr1000v2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr1000v2:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:netgear:wnr1000v4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr1000v4:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:netgear:wnr2000v3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2000v3:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:netgear:wnr2000v4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2000v4:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:netgear:wnr2000v5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2000v5:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:netgear:wnr2020_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:netgear:wnr2050_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:netgear:wnr2200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2200:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:netgear:wnr2500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2500:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:netgear:wnr614_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr614:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:netgear:wnr618_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr618:-:*:*:*:*:*:*:*
History

21 Nov 2024, 02:43

Type Values Removed Values Added
References () http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability - Vendor Advisory () http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability - Vendor Advisory
References () http://seclists.org/fulldisclosure/2016/Dec/72 - Exploit, Mailing List, Third Party Advisory, VDB Entry () http://seclists.org/fulldisclosure/2016/Dec/72 - Exploit, Mailing List, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/95867 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/95867 - Broken Link, Third Party Advisory, VDB Entry
References () https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt - Exploit, Technical Description, Third Party Advisory () https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt - Exploit, Technical Description, Third Party Advisory
References () https://www.exploit-db.com/exploits/40949/ - Exploit, Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/40949/ - Exploit, Third Party Advisory, VDB Entry
References () https://www.exploit-db.com/exploits/41719/ - Exploit, Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/41719/ - Exploit, Third Party Advisory, VDB Entry

16 Jul 2024, 17:58

Type Values Removed Values Added
First Time Netgear r6220 Firmware
Netgear wnr2500 Firmware
Netgear wnr1000v4 Firmware
Netgear wndr3800 Firmware
Netgear r7500v2
Netgear wndr3700v4
Netgear jwnr2010v5
Netgear wnr1000v4
Netgear wndr4300
Netgear wnr2000v3
Netgear d7000
Netgear wndr4500v3
Netgear d7800
Netgear r6100 Firmware
Netgear jnr1010v2 Firmware
Netgear wndr4700
Netgear r2000 Firmware
Netgear wnr2000v3 Firmware
Netgear jnr1010v2
Netgear r6100
Netgear jnr3300 Firmware
Netgear wnr2200
Netgear wnr2020 Firmware
Netgear wndr4300v2 Firmware
Netgear d6100 Firmware
Netgear r7500 Firmware
Netgear r2000
Netgear jwnr2010v5 Firmware
Netgear wndr4700 Firmware
Netgear wnr2050
Netgear wnr2000v4 Firmware
Netgear wnr2020
Netgear d7800 Firmware
Netgear wnr2200 Firmware
Netgear wndr4300v2
Netgear d7000 Firmware
Netgear r7500
Netgear wnr2000v4
Netgear wnr618 Firmware
Netgear wndr3700v4 Firmware
Netgear wndr3800
Netgear wndr4500v3 Firmware
Netgear wnr2500
Netgear jnr3300
Netgear wnr1000v2
Netgear wndr4300 Firmware
Netgear d6100
Netgear wnr614
Netgear wnr1000v2 Firmware
Netgear wnr614 Firmware
Netgear r6220
Netgear wnr2050 Firmware
Netgear wnr618
Netgear r7500v2 Firmware
CWE CWE-119 CWE-120
References () http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability - Patch, Vendor Advisory () http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability - Vendor Advisory
References () http://seclists.org/fulldisclosure/2016/Dec/72 - Exploit, Third Party Advisory, VDB Entry () http://seclists.org/fulldisclosure/2016/Dec/72 - Exploit, Mailing List, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/95867 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/95867 - Broken Link, Third Party Advisory, VDB Entry
References () https://www.exploit-db.com/exploits/40949/ - () https://www.exploit-db.com/exploits/40949/ - Exploit, Third Party Advisory, VDB Entry
References () https://www.exploit-db.com/exploits/41719/ - () https://www.exploit-db.com/exploits/41719/ - Exploit, Third Party Advisory, VDB Entry
CPE cpe:2.3:o:netgear:wnr2000v5_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr2000v3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:wnr2050_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:wndr4700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:wnr2500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:d7000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r2000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:wnr2000v5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr1000v4:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr3700v4:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r2000:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r7500v2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:jnr1010v2:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr1000v2:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:wndr4300v2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:wnr1000v4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr4500v3:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr4300v2:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:d7800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:wndr4300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2500:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:wnr614_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:wndr3800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7500v2:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:wnr1000v2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:d6100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:wnr2020_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr3800:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:wndr4500v3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:wnr2000v4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2000v3:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r7500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr618:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2000v4:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr4700:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:jwnr2010v5:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:jwnr2010v5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:jnr3300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:wnr618_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:wnr2200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr614:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:wndr3700v4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:jnr1010v2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2200:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:jnr3300:-:*:*:*:*:*:*:*
Information

Published : 2017-01-30 04:59

Updated : 2024-11-21 02:43

NVD link : CVE-2016-10174

Mitre link : CVE-2016-10174

CVE.ORG link : CVE-2016-10174

JSON object : View

Products Affected

netgear

  • r6100
  • jwnr2010v5
  • d6100
  • wndr3800_firmware
  • wndr4700
  • r6100_firmware
  • wndr4300
  • r7500
  • wnr2200
  • r6220
  • wndr4500v3_firmware
  • wnr2000v4
  • wnr2050_firmware
  • wnr618_firmware
  • wnr1000v2_firmware
  • wnr1000v4_firmware
  • wnr614
  • jnr1010v2
  • wnr2000v5
  • r7500v2
  • wnr2200_firmware
  • wnr2500
  • d6100_firmware
  • jnr3300
  • wnr618
  • jnr1010v2_firmware
  • wnr2000v5_firmware
  • wndr4700_firmware
  • wndr4300_firmware
  • d7000_firmware
  • d7800
  • wnr2000v4_firmware
  • jwnr2010v5_firmware
  • wndr4300v2
  • r2000_firmware
  • wndr3800
  • d7000
  • wndr4500v3
  • wnr1000v4
  • d7800_firmware
  • jnr3300_firmware
  • wndr4300v2_firmware
  • wnr2500_firmware
  • r2000
  • wnr2000v3_firmware
  • wnr2050
  • r7500_firmware
  • r6220_firmware
  • wnr2020
  • wndr3700v4_firmware
  • wndr3700v4
  • wnr1000v2
  • wnr2020_firmware
  • r7500v2_firmware
  • wnr2000v3
  • wnr614_firmware
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024