CVE-2016-10174

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
References
Link | Resource
http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability | Vendor Advisory
http://seclists.org/fulldisclosure/2016/Dec/72 | Exploit, Mailing List, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/95867 | Broken Link, Third Party Advisory, VDB Entry
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt | Exploit, Technical Description, Third Party Advisory
https://www.exploit-db.com/exploits/40949/ | Exploit, Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/41719/ | Exploit, Third Party Advisory, VDB Entry
Configurations

Configuration 1

AND
cpe:2.3:o:netgear:d6100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:netgear:d7000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:netgear:d7800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:netgear:jnr1010v2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:jnr1010v2:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:netgear:jnr3300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:jnr3300:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:netgear:jwnr2010v5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:jwnr2010v5:-:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:netgear:r2000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r2000:-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:netgear:r6100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*

Configuration 9

AND
cpe:2.3:o:netgear:r6220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*

Configuration 10

AND
cpe:2.3:o:netgear:r7500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*

Configuration 11

AND
cpe:2.3:o:netgear:r7500v2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7500v2:-:*:*:*:*:*:*:*

Configuration 12

AND
cpe:2.3:o:netgear:wndr3700v4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr3700v4:-:*:*:*:*:*:*:*

Configuration 13

AND
cpe:2.3:o:netgear:wndr3800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr3800:-:*:*:*:*:*:*:*

Configuration 14

AND
cpe:2.3:o:netgear:wndr4300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*

Configuration 15

AND
cpe:2.3:o:netgear:wndr4300v2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr4300v2:-:*:*:*:*:*:*:*

Configuration 16

AND
cpe:2.3:o:netgear:wndr4500v3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr4500v3:-:*:*:*:*:*:*:*

Configuration 17

AND
cpe:2.3:o:netgear:wndr4700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr4700:-:*:*:*:*:*:*:*

Configuration 18

AND
cpe:2.3:o:netgear:wnr1000v2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr1000v2:-:*:*:*:*:*:*:*

Configuration 19

AND
cpe:2.3:o:netgear:wnr1000v4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr1000v4:-:*:*:*:*:*:*:*

Configuration 20

AND
cpe:2.3:o:netgear:wnr2000v3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2000v3:-:*:*:*:*:*:*:*

Configuration 21

AND
cpe:2.3:o:netgear:wnr2000v4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2000v4:-:*:*:*:*:*:*:*

Configuration 22

AND
cpe:2.3:o:netgear:wnr2000v5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2000v5:-:*:*:*:*:*:*:*

Configuration 23

AND
cpe:2.3:o:netgear:wnr2020_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*

Configuration 24

AND
cpe:2.3:o:netgear:wnr2050_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*

Configuration 25

AND
cpe:2.3:o:netgear:wnr2200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2200:-:*:*:*:*:*:*:*

Configuration 26

AND
cpe:2.3:o:netgear:wnr2500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2500:-:*:*:*:*:*:*:*

Configuration 27

AND
cpe:2.3:o:netgear:wnr614_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr614:-:*:*:*:*:*:*:*

Configuration 28

AND
cpe:2.3:o:netgear:wnr618_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr618:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-01-30 04:59

Updated : 2024-07-16 17:58


NVD link : CVE-2016-10174

Mitre link : CVE-2016-10174

CVE.ORG link : CVE-2016-10174


Products Affected

netgear

  • wnr2000v5_firmware
  • wnr2500
  • wnr2200_firmware
  • wnr618_firmware
  • r2000_firmware
  • r7500
  • r7500v2_firmware
  • wndr3800
  • wnr1000v2
  • r6100_firmware
  • jwnr2010v5
  • wnr2050
  • wndr4300v2
  • d7000_firmware
  • wndr4300
  • wnr2000v4_firmware
  • wnr1000v4_firmware
  • wnr2200
  • d6100
  • d7000
  • r6100
  • d7800_firmware
  • wnr614_firmware
  • wndr3700v4_firmware
  • wnr2020_firmware
  • jwnr2010v5_firmware
  • wnr1000v4
  • wnr2000v4
  • jnr1010v2
  • wnr2020
  • d7800
  • wndr4500v3
  • r6220_firmware
  • d6100_firmware
  • r7500v2
  • wnr1000v2_firmware
  • wndr4700_firmware
  • wnr618
  • wndr3800_firmware
  • wnr2500_firmware
  • wnr2000v3_firmware
  • r6220
  • wndr4700
  • wnr2000v5
  • wndr3700v4
  • jnr3300_firmware
  • wndr4300v2_firmware
  • wnr2000v3
  • jnr3300
  • wndr4300_firmware
  • wnr614
  • jnr1010v2_firmware
  • wndr4500v3_firmware
  • r2000
  • wnr2050_firmware
  • r7500_firmware
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')