Vulnerability Details CVE-2016-10174
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.918
EPSS Ranking 99.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Proposed Action
The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution.
Ransomware Campaign
Unknown
References
- http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability
- http://seclists.org/fulldisclosure/2016/Dec/72
- http://www.securityfocus.com/bid/95867
- https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt
- https://www.exploit-db.com/exploits/40949/
- https://www.exploit-db.com/exploits/41719/
- http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability
- http://seclists.org/fulldisclosure/2016/Dec/72
- http://www.securityfocus.com/bid/95867
- https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt
- https://www.exploit-db.com/exploits/40949/
- https://www.exploit-db.com/exploits/41719/
Products affected by CVE-2016-10174
-
cpe:2.3:h:netgear:d6100:-
-
cpe:2.3:h:netgear:d7000:-
-
cpe:2.3:h:netgear:d7800:-
-
cpe:2.3:h:netgear:jnr1010v2:-
-
cpe:2.3:h:netgear:jnr3300:-
-
cpe:2.3:h:netgear:jwnr2010v5:-
-
cpe:2.3:h:netgear:r2000:-
-
cpe:2.3:h:netgear:r6100:-
-
cpe:2.3:h:netgear:r6220:-
-
cpe:2.3:h:netgear:r7500:-
-
cpe:2.3:h:netgear:r7500v2:-
-
cpe:2.3:h:netgear:wndr3700v4:-
-
cpe:2.3:h:netgear:wndr3800:-
-
cpe:2.3:h:netgear:wndr4300:-
-
cpe:2.3:h:netgear:wndr4300v2:-
-
cpe:2.3:h:netgear:wndr4500v3:-
-
cpe:2.3:h:netgear:wndr4700:-
-
cpe:2.3:h:netgear:wnr1000v2:-
-
cpe:2.3:h:netgear:wnr1000v4:-
-
cpe:2.3:h:netgear:wnr2000v3:-
-
cpe:2.3:h:netgear:wnr2000v4:-
-
cpe:2.3:h:netgear:wnr2000v5:-
-
cpe:2.3:h:netgear:wnr2020:-
-
cpe:2.3:h:netgear:wnr2050:-
-
cpe:2.3:h:netgear:wnr2200:-
-
cpe:2.3:h:netgear:wnr2500:-
-
cpe:2.3:h:netgear:wnr614:-
-
cpe:2.3:h:netgear:wnr618:-
-
cpe:2.3:o:netgear:d6100_firmware:-
-
cpe:2.3:o:netgear:d7000_firmware:-
-
cpe:2.3:o:netgear:d7800_firmware:-
-
cpe:2.3:o:netgear:jnr1010v2_firmware:-
-
cpe:2.3:o:netgear:jnr3300_firmware:-
-
cpe:2.3:o:netgear:jwnr2010v5_firmware:-
-
cpe:2.3:o:netgear:r2000_firmware:-
-
cpe:2.3:o:netgear:r6100_firmware:-
-
cpe:2.3:o:netgear:r6220_firmware:-
-
cpe:2.3:o:netgear:r7500_firmware:-
-
cpe:2.3:o:netgear:r7500v2_firmware:-
-
cpe:2.3:o:netgear:wndr3700v4_firmware:-
-
cpe:2.3:o:netgear:wndr3800_firmware:-
-
cpe:2.3:o:netgear:wndr4300_firmware:-
-
cpe:2.3:o:netgear:wndr4300v2_firmware:-
-
cpe:2.3:o:netgear:wndr4500v3_firmware:-
-
cpe:2.3:o:netgear:wndr4700_firmware:-
-
cpe:2.3:o:netgear:wnr1000v2_firmware:-
-
cpe:2.3:o:netgear:wnr1000v4_firmware:-
-
cpe:2.3:o:netgear:wnr2000v3_firmware:-
-
cpe:2.3:o:netgear:wnr2000v4_firmware:-
-
cpe:2.3:o:netgear:wnr2000v5_firmware:-
-
cpe:2.3:o:netgear:wnr2020_firmware:-
-
cpe:2.3:o:netgear:wnr2050_firmware:-
-
cpe:2.3:o:netgear:wnr2200_firmware:-
-
cpe:2.3:o:netgear:wnr2500_firmware:-
-
cpe:2.3:o:netgear:wnr614_firmware:-
-
cpe:2.3:o:netgear:wnr618_firmware:-