ID

VAR-201701-0162


CVE

CVE-2016-10175


TITLE

NETGEAR WNR2000v5 Vulnerability to leak serial number in router

Trust: 0.8

sources: JVNDB: JVNDB-2016-007708

DESCRIPTION

The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions. NETGEARWNR2000v5router is a popular router device. Netgear WNR2000 is prone to the following vulnerabilities: 1. An authentication-bypass vulnerability 2. An information disclosure vulnerability 3. A stack-buffer overflow vulnerability An attacker may leverage this issue to bypass the authentication mechanism and perform unauthorized actions, obtain sensitive information, or execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Netgear WNR2000 firmware version 5 is affected; other versions may also be affected. A security vulnerability exists in the NETGEAR WNR2000v5 router

Trust: 2.61

sources: NVD: CVE-2016-10175 // JVNDB: JVNDB-2016-007708 // CNVD: CNVD-2017-01202 // BID: 95867 // VULHUB: VHN-88925 // VULMON: CVE-2016-10175

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-01202

AFFECTED PRODUCTS

vendor:net gearmodel:wnr2000v5scope: - version: -

Trust: 1.6

vendor:netgearmodel:wnr2000v5scope:lteversion:1.0.0.34

Trust: 1.0

vendor:netgearmodel:wnr2000scope:eqversion:5

Trust: 0.9

vendor:netgearmodel:wnr2000v5scope:eqversion:1.0.0.34

Trust: 0.6

sources: CNVD: CNVD-2017-01202 // BID: 95867 // JVNDB: JVNDB-2016-007708 // CNNVD: CNNVD-201702-104 // NVD: CVE-2016-10175

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-10175
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-10175
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-01202
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201702-104
value: MEDIUM

Trust: 0.6

VULHUB: VHN-88925
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-10175
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-10175
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-01202
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-88925
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-10175
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-01202 // VULHUB: VHN-88925 // VULMON: CVE-2016-10175 // JVNDB: JVNDB-2016-007708 // CNNVD: CNNVD-201702-104 // NVD: CVE-2016-10175

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-88925 // JVNDB: JVNDB-2016-007708 // NVD: CVE-2016-10175

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-104

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201702-104

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007708

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-88925 // VULMON: CVE-2016-10175

PATCH

title:Insecure Remote Access and Command Execution Security Vulnerability, PSV-2016-0255url:http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability

Trust: 0.8

title:NETGEARWNR2000v5router information disclosure vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/89177

Trust: 0.6

title:NETGEAR WNR2000v5 Repair measures for router security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67475

Trust: 0.6

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/zyxel-and-netgear-fail-to-patch-seven-security-flaws-affecting-their-routers/

Trust: 0.1

sources: CNVD: CNVD-2017-01202 // VULMON: CVE-2016-10175 // JVNDB: JVNDB-2016-007708 // CNNVD: CNNVD-201702-104

EXTERNAL IDS

db:NVDid:CVE-2016-10175

Trust: 3.5

db:BIDid:95867

Trust: 2.7

db:EXPLOIT-DBid:40949

Trust: 1.2

db:JVNDBid:JVNDB-2016-007708

Trust: 0.8

db:CNNVDid:CNNVD-201702-104

Trust: 0.7

db:CNVDid:CNVD-2017-01202

Trust: 0.6

db:PACKETSTORMid:140235

Trust: 0.1

db:VULHUBid:VHN-88925

Trust: 0.1

db:VULMONid:CVE-2016-10175

Trust: 0.1

sources: CNVD: CNVD-2017-01202 // VULHUB: VHN-88925 // VULMON: CVE-2016-10175 // BID: 95867 // JVNDB: JVNDB-2016-007708 // CNNVD: CNNVD-201702-104 // NVD: CVE-2016-10175

REFERENCES

url:https://raw.githubusercontent.com/pedrib/poc/master/advisories/netgear-wnr2000.txt

Trust: 2.6

url:http://kb.netgear.com/000036549/insecure-remote-access-and-command-execution-security-vulnerability

Trust: 2.4

url:http://www.securityfocus.com/bid/95867

Trust: 1.8

url:http://seclists.org/fulldisclosure/2016/dec/72

Trust: 1.8

url:https://www.exploit-db.com/exploits/40949/

Trust: 1.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10175

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-10175

Trust: 0.8

url:http://www.netgear.com

Trust: 0.3

url:http://seclists.org/fulldisclosure/2017/jan/88

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.rapid7.com/db/modules/auxiliary/admin/http/netgear_wnr2000_pass_recovery

Trust: 0.1

url:https://www.bleepingcomputer.com/news/security/zyxel-and-netgear-fail-to-patch-seven-security-flaws-affecting-their-routers/

Trust: 0.1

sources: CNVD: CNVD-2017-01202 // VULHUB: VHN-88925 // VULMON: CVE-2016-10175 // BID: 95867 // JVNDB: JVNDB-2016-007708 // CNNVD: CNNVD-201702-104 // NVD: CVE-2016-10175

CREDITS

Pedro Ribeiro.

Trust: 0.3

sources: BID: 95867

SOURCES

db:CNVDid:CNVD-2017-01202
db:VULHUBid:VHN-88925
db:VULMONid:CVE-2016-10175
db:BIDid:95867
db:JVNDBid:JVNDB-2016-007708
db:CNNVDid:CNNVD-201702-104
db:NVDid:CVE-2016-10175

LAST UPDATE DATE

2024-08-14T14:05:57.424000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-01202date:2017-02-10T00:00:00
db:VULHUBid:VHN-88925date:2017-09-03T00:00:00
db:VULMONid:CVE-2016-10175date:2017-09-03T00:00:00
db:BIDid:95867date:2017-02-02T01:03:00
db:JVNDBid:JVNDB-2016-007708date:2017-03-13T00:00:00
db:CNNVDid:CNNVD-201702-104date:2017-02-10T00:00:00
db:NVDid:CVE-2016-10175date:2017-09-03T01:29:03.390

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-01202date:2017-02-10T00:00:00
db:VULHUBid:VHN-88925date:2017-01-30T00:00:00
db:VULMONid:CVE-2016-10175date:2017-01-30T00:00:00
db:BIDid:95867date:2017-01-30T00:00:00
db:JVNDBid:JVNDB-2016-007708date:2017-03-13T00:00:00
db:CNNVDid:CNNVD-201702-104date:2017-01-29T00:00:00
db:NVDid:CVE-2016-10175date:2017-01-30T04:59:00.203