Details of VAR-201701-0162

ID

VAR-201701-0162

CVE

CVE-2016-10175

TITLE

NETGEAR WNR2000v5 Vulnerability to leak serial number in router

Trust: 0.8

sources: JVNDB: JVNDB-2016-007708

DESCRIPTION

The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions. NETGEARWNR2000v5router is a popular router device. Netgear WNR2000 is prone to the following vulnerabilities: 1. An authentication-bypass vulnerability 2. An information disclosure vulnerability 3. A stack-buffer overflow vulnerability An attacker may leverage this issue to bypass the authentication mechanism and perform unauthorized actions, obtain sensitive information, or execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Netgear WNR2000 firmware version 5 is affected; other versions may also be affected. A security vulnerability exists in the NETGEAR WNR2000v5 router

Trust: 2.61

sources: NVD: CVE-2016-10175 // JVNDB: JVNDB-2016-007708 // CNVD: CNVD-2017-01202 // BID: 95867 // VULHUB: VHN-88925 // VULMON: CVE-2016-10175

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-01202

AFFECTED PRODUCTS

vendor:	net gear	model:	wnr2000v5	scope:	-	version:	-	Trust: 1.6
vendor:	netgear	model:	wnr2000v5	scope:	lte	version:	1.0.0.34	Trust: 1.0
vendor:	netgear	model:	wnr2000	scope:	eq	version:	5	Trust: 0.9
vendor:	netgear	model:	wnr2000v5	scope:	eq	version:	1.0.0.34	Trust: 0.6

sources: CNVD: CNVD-2017-01202 // BID: 95867 // JVNDB: JVNDB-2016-007708 // CNNVD: CNNVD-201702-104 // NVD: CVE-2016-10175

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-10175
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-10175
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-01202
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201702-104
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-88925
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2016-10175
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-10175
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-01202
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-88925
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-10175
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-01202 // VULHUB: VHN-88925 // VULMON: CVE-2016-10175 // JVNDB: JVNDB-2016-007708 // CNNVD: CNNVD-201702-104 // NVD: CVE-2016-10175

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-88925 // JVNDB: JVNDB-2016-007708 // NVD: CVE-2016-10175

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-104

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201702-104

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007708

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-88925 // VULMON: CVE-2016-10175

PATCH

title:	Insecure Remote Access and Command Execution Security Vulnerability, PSV-2016-0255	url:	http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability	Trust: 0.8
title:	NETGEARWNR2000v5router information disclosure vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/89177	Trust: 0.6
title:	NETGEAR WNR2000v5 Repair measures for router security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67475	Trust: 0.6
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/zyxel-and-netgear-fail-to-patch-seven-security-flaws-affecting-their-routers/	Trust: 0.1

sources: CNVD: CNVD-2017-01202 // VULMON: CVE-2016-10175 // JVNDB: JVNDB-2016-007708 // CNNVD: CNNVD-201702-104

EXTERNAL IDS

db:	NVD	id:	CVE-2016-10175	Trust: 3.5
db:	BID	id:	95867	Trust: 2.7
db:	EXPLOIT-DB	id:	40949	Trust: 1.2
db:	JVNDB	id:	JVNDB-2016-007708	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-104	Trust: 0.7
db:	CNVD	id:	CNVD-2017-01202	Trust: 0.6
db:	PACKETSTORM	id:	140235	Trust: 0.1
db:	VULHUB	id:	VHN-88925	Trust: 0.1
db:	VULMON	id:	CVE-2016-10175	Trust: 0.1

sources: CNVD: CNVD-2017-01202 // VULHUB: VHN-88925 // VULMON: CVE-2016-10175 // BID: 95867 // JVNDB: JVNDB-2016-007708 // CNNVD: CNNVD-201702-104 // NVD: CVE-2016-10175

REFERENCES

url:	https://raw.githubusercontent.com/pedrib/poc/master/advisories/netgear-wnr2000.txt	Trust: 2.6
url:	http://kb.netgear.com/000036549/insecure-remote-access-and-command-execution-security-vulnerability	Trust: 2.4
url:	http://www.securityfocus.com/bid/95867	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2016/dec/72	Trust: 1.8
url:	https://www.exploit-db.com/exploits/40949/	Trust: 1.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10175	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-10175	Trust: 0.8
url:	http://www.netgear.com	Trust: 0.3
url:	http://seclists.org/fulldisclosure/2017/jan/88	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.rapid7.com/db/modules/auxiliary/admin/http/netgear_wnr2000_pass_recovery	Trust: 0.1
url:	https://www.bleepingcomputer.com/news/security/zyxel-and-netgear-fail-to-patch-seven-security-flaws-affecting-their-routers/	Trust: 0.1

sources: CNVD: CNVD-2017-01202 // VULHUB: VHN-88925 // VULMON: CVE-2016-10175 // BID: 95867 // JVNDB: JVNDB-2016-007708 // CNNVD: CNNVD-201702-104 // NVD: CVE-2016-10175

CREDITS

Pedro Ribeiro.

Trust: 0.3

sources: BID: 95867

SOURCES

db:	CNVD	id:	CNVD-2017-01202
db:	VULHUB	id:	VHN-88925
db:	VULMON	id:	CVE-2016-10175
db:	BID	id:	95867
db:	JVNDB	id:	JVNDB-2016-007708
db:	CNNVD	id:	CNNVD-201702-104
db:	NVD	id:	CVE-2016-10175

LAST UPDATE DATE

2024-08-14T14:05:57.424000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-01202	date:	2017-02-10T00:00:00
db:	VULHUB	id:	VHN-88925	date:	2017-09-03T00:00:00
db:	VULMON	id:	CVE-2016-10175	date:	2017-09-03T00:00:00
db:	BID	id:	95867	date:	2017-02-02T01:03:00
db:	JVNDB	id:	JVNDB-2016-007708	date:	2017-03-13T00:00:00
db:	CNNVD	id:	CNNVD-201702-104	date:	2017-02-10T00:00:00
db:	NVD	id:	CVE-2016-10175	date:	2017-09-03T01:29:03.390

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-01202	date:	2017-02-10T00:00:00
db:	VULHUB	id:	VHN-88925	date:	2017-01-30T00:00:00
db:	VULMON	id:	CVE-2016-10175	date:	2017-01-30T00:00:00
db:	BID	id:	95867	date:	2017-01-30T00:00:00
db:	JVNDB	id:	JVNDB-2016-007708	date:	2017-03-13T00:00:00
db:	CNNVD	id:	CNNVD-201702-104	date:	2017-01-29T00:00:00
db:	NVD	id:	CVE-2016-10175	date:	2017-01-30T04:59:00.203