ID

VAR-201701-0161


CVE

CVE-2016-10174


TITLE

NETGEAR WNR2000v5 Router buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-007707

DESCRIPTION

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution. The NETGEAR WNR2000v5 router is a popular router device. Netgear WNR2000 is prone to the following vulnerabilities: 1. An authentication-bypass vulnerability 2. An information disclosure vulnerability 3. Failed exploit attempts will likely cause a denial-of-service condition. Netgear WNR2000 firmware version 5 is affected; other versions may also be affected.

Trust: 2.61

sources: NVD: CVE-2016-10174 // JVNDB: JVNDB-2016-007707 // CNVD: CNVD-2017-01201 // BID: 95867 // VULHUB: VHN-88924 // VULMON: CVE-2016-10174

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-01201

AFFECTED PRODUCTS

vendor: net gear model: wnr2000v5 scope: - version: -

Trust: 1.6

vendor: netgear model: wndr4700 scope: eq version: -

Trust: 1.0

vendor: netgear model: wnr2000v3 scope: eq version: -

Trust: 1.0

vendor: netgear model: d7800 scope: eq version: -

Trust: 1.0

vendor: netgear model: jnr1010v2 scope: eq version: -

Trust: 1.0

vendor: netgear model: r6100 scope: eq version: -

Trust: 1.0

vendor: netgear model: wnr2020 scope: eq version: -

Trust: 1.0

vendor: netgear model: wnr2200 scope: eq version: -

Trust: 1.0

vendor: netgear model: wnr2000v5 scope: eq version: -

Trust: 1.0

vendor: netgear model: wnr2500 scope: eq version: -

Trust: 1.0

vendor: netgear model: wnr618 scope: eq version: -

Trust: 1.0

vendor: netgear model: wndr3700v4 scope: eq version: -

Trust: 1.0

vendor: netgear model: wndr4500v3 scope: eq version: -

Trust: 1.0

vendor: netgear model: r7500v2 scope: eq version: -

Trust: 1.0

vendor: netgear model: wndr4300v2 scope: eq version: -

Trust: 1.0

vendor: netgear model: r2000 scope: eq version: -

Trust: 1.0

vendor: netgear model: d6100 scope: eq version: -

Trust: 1.0

vendor: netgear model: r6220 scope: eq version: -

Trust: 1.0

vendor: netgear model: jnr3300 scope: eq version: -

Trust: 1.0

vendor: netgear model: jwnr2010v5 scope: eq version: -

Trust: 1.0

vendor: netgear model: r7500 scope: eq version: -

Trust: 1.0

vendor: netgear model: wndr3800 scope: eq version: -

Trust: 1.0

vendor: netgear model: wnr2050 scope: eq version: -

Trust: 1.0

vendor: netgear model: d7000 scope: eq version: -

Trust: 1.0

vendor: netgear model: wnr614 scope: eq version: -

Trust: 1.0

vendor: netgear model: wnr2000v4 scope: eq version: -

Trust: 1.0

vendor: netgear model: wnr1000v2 scope: eq version: -

Trust: 1.0

vendor: netgear model: wnr1000v4 scope: eq version: -

Trust: 1.0

vendor: netgear model: wndr4300 scope: eq version: -

Trust: 1.0

vendor: netgear model: wnr2000 scope: eq version: 5

Trust: 0.9

vendor: netgear model: wnr2000v5 scope: eq version: 1.0.0.34

Trust: 0.6

sources: CNVD: CNVD-2017-01201 // BID: 95867 // JVNDB: JVNDB-2016-007707 // CNNVD: CNNVD-201702-105 // NVD: CVE-2016-10174

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-10174
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-10174
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-01201
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201702-105
value: CRITICAL

Trust: 0.6

VULHUB: VHN-88924
value: HIGH

Trust: 0.1

VULMON: CVE-2016-10174
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-10174
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-01201
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-88924
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-10174
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2016-10174
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-01201 // VULHUB: VHN-88924 // VULMON: CVE-2016-10174 // JVNDB: JVNDB-2016-007707 // CNNVD: CNNVD-201702-105 // NVD: CVE-2016-10174

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.0

problemtype: CWE-119

Trust: 0.9

sources: VULHUB: VHN-88924 // JVNDB: JVNDB-2016-007707 // NVD: CVE-2016-10174

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-105

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201702-105

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007707

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-88924 // VULMON: CVE-2016-10174

PATCH

title: Insecure Remote Access and Command Execution Security Vulnerability, PSV-2016-0255 url: http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability

Trust: 0.8

title: NETGEAR WNR2000v5 router hidden_lang_avi patch overflow vulnerability patch url: https://www.cnvd.org.cn/patchInfo/show/89178

Trust: 0.6

title: NETGEAR WNR2000v5 Repair measures for router buffer error vulnerability url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67476

Trust: 0.6

title: BleepingComputer url: https://www.bleepingcomputer.com/news/security/zyxel-and-netgear-fail-to-patch-seven-security-flaws-affecting-their-routers/

Trust: 0.1

sources: CNVD: CNVD-2017-01201 // VULMON: CVE-2016-10174 // JVNDB: JVNDB-2016-007707 // CNNVD: CNNVD-201702-105

EXTERNAL IDS

db: NVD id: CVE-2016-10174

Trust: 3.5

db: BID id: 95867

Trust: 2.7

db: EXPLOIT-DB id: 40949

Trust: 1.2

db: EXPLOIT-DB id: 41719

Trust: 1.2

db: JVNDB id: JVNDB-2016-007707

Trust: 0.8

db: CNNVD id: CNNVD-201702-105

Trust: 0.7

db: CNVD id: CNVD-2017-01201

Trust: 0.6

db: PACKETSTORM id: 141806

Trust: 0.1

db: VULHUB id: VHN-88924

Trust: 0.1

db: VULMON id: CVE-2016-10174

Trust: 0.1

sources: CNVD: CNVD-2017-01201 // VULHUB: VHN-88924 // VULMON: CVE-2016-10174 // BID: 95867 // JVNDB: JVNDB-2016-007707 // CNNVD: CNNVD-201702-105 // NVD: CVE-2016-10174

REFERENCES

url: https://raw.githubusercontent.com/pedrib/poc/master/advisories/netgear-wnr2000.txt

Trust: 2.6

url: http://kb.netgear.com/000036549/insecure-remote-access-and-command-execution-security-vulnerability

Trust: 2.4

url: http://www.securityfocus.com/bid/95867

Trust: 1.8

url: http://seclists.org/fulldisclosure/2016/dec/72

Trust: 1.8

url: https://www.exploit-db.com/exploits/41719/

Trust: 1.3

url: https://www.exploit-db.com/exploits/40949/

Trust: 1.2

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10174

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-10174

Trust: 0.8

url: http://www.netgear.com

Trust: 0.3

url: http://seclists.org/fulldisclosure/2017/jan/88

Trust: 0.3

url: https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://www.rapid7.com/db/modules/exploit/linux/http/netgear_wnr2000_rce

Trust: 0.1

sources: CNVD: CNVD-2017-01201 // VULHUB: VHN-88924 // VULMON: CVE-2016-10174 // BID: 95867 // JVNDB: JVNDB-2016-007707 // CNNVD: CNNVD-201702-105 // NVD: CVE-2016-10174

CREDITS

Pedro Ribeiro.

Trust: 0.3

sources: BID: 95867

SOURCES

db: CNVD id: CNVD-2017-01201
db: VULHUB id: VHN-88924
db: VULMON id: CVE-2016-10174
db: BID id: 95867
db: JVNDB id: JVNDB-2016-007707
db: CNNVD id: CNNVD-201702-105
db: NVD id: CVE-2016-10174

LAST UPDATE DATE

2024-08-14T14:05:57.339000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2017-01201 date: 2017-02-10T00:00:00
db: VULHUB id: VHN-88924 date: 2017-09-03T00:00:00
db: VULMON id: CVE-2016-10174 date: 2017-09-03T00:00:00
db: BID id: 95867 date: 2017-02-02T01:03:00
db: JVNDB id: JVNDB-2016-007707 date: 2017-03-13T00:00:00
db: CNNVD id: CNNVD-201702-105 date: 2017-03-03T00:00:00
db: NVD id: CVE-2016-10174 date: 2024-07-16T17:58:42.247

SOURCES RELEASE DATE

db: CNVD id: CNVD-2017-01201 date: 2017-02-10T00:00:00
db: VULHUB id: VHN-88924 date: 2017-01-30T00:00:00
db: VULMON id: CVE-2016-10174 date: 2017-01-30T00:00:00
db: BID id: 95867 date: 2017-01-30T00:00:00
db: JVNDB id: JVNDB-2016-007707 date: 2017-03-13T00:00:00
db: CNNVD id: CNNVD-201702-105 date: 2017-01-29T00:00:00
db: NVD id: CVE-2016-10174 date: 2017-01-30T04:59:00.157