CVE-2016-1555

(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netgear:wndap210v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndap210v2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netgear:wn802tv2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wn802tv2:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:46

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html - Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html - Third Party Advisory, VDB Entry
References () http://seclists.org/fulldisclosure/2016/Feb/112 - Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2016/Feb/112 - Mailing List, Third Party Advisory
References () https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic - Patch, Vendor Advisory () https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic - Patch, Vendor Advisory
References () https://www.exploit-db.com/exploits/45909/ - Exploit, Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/45909/ - Exploit, Third Party Advisory, VDB Entry

Information

Published : 2017-04-21 15:59

Updated : 2024-11-21 02:46


NVD link : CVE-2016-1555

Mitre link : CVE-2016-1555

CVE.ORG link : CVE-2016-1555


JSON object : View

Products Affected

netgear

  • wn604
  • wndap360_firmware
  • wn802tv2_firmware
  • wndap660_firmware
  • wndap350
  • wnap320_firmware
  • wndap360
  • wnap320
  • wndap350_firmware
  • wndap210v2
  • wndap210v2_firmware
  • wn604_firmware
  • wndap660
  • wn802tv2
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')