Details of VAR-201704-0304

ID

VAR-201704-0304

CVE

CVE-2016-1556

TITLE

plural Netgear Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2016-008524

DESCRIPTION

Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages. Netgear is the world's leading enterprise network solution and advocate for digital home networking applications. There are information disclosure vulnerabilities in Netgear's various devices. The device bypasses the authentication page, and the attacker can use the vulnerability to obtain sensitive information such as wireless WPSPIN. NETGEAR WN604 is a wireless access point (AP) of NETGEAR. The following products and versions are affected: Netgear WN604 prior to 3.3.3; WNAP210 prior to 3.5.5.0, WNAP320 prior to 3.5.5.0, WNDAP350 prior to 3.5.5.0, WNDAP360 prior to 3.5.5.0; WND930 2.0 Versions prior to .11

Trust: 2.25

sources: NVD: CVE-2016-1556 // JVNDB: JVNDB-2016-008524 // CNVD: CNVD-2016-01690 // VULHUB: VHN-90375

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-01690

AFFECTED PRODUCTS

vendor:	netgear	model:	wndap350	scope:	lte	version:	3.0.5.0	Trust: 1.0
vendor:	netgear	model:	wnd930	scope:	lte	version:	2.0.4	Trust: 1.0
vendor:	netgear	model:	wndap360	scope:	lte	version:	3.0.5.0	Trust: 1.0
vendor:	netgear	model:	wnap320	scope:	lte	version:	3.0.5.0	Trust: 1.0
vendor:	netgear	model:	wndap210v2	scope:	lte	version:	3.0.5.0	Trust: 1.0
vendor:	netgear	model:	wn604	scope:	lte	version:	3.3.2	Trust: 1.0
vendor:	net gear	model:	wn604	scope:	lt	version:	3.3.3	Trust: 0.8
vendor:	net gear	model:	wnap210v2	scope:	lt	version:	3.5.5.0	Trust: 0.8
vendor:	net gear	model:	wnap320	scope:	lt	version:	3.5.5.0	Trust: 0.8
vendor:	net gear	model:	wnd930	scope:	lt	version:	2.0.11	Trust: 0.8
vendor:	net gear	model:	wndap350	scope:	lt	version:	3.5.5.0	Trust: 0.8
vendor:	net gear	model:	wndap360	scope:	lt	version:	3.5.5.0	Trust: 0.8
vendor:	netgear	model:	wn604	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	wnap210	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	wnap320	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	wndap350	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	wndap360	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	wnd930	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	wndap360	scope:	eq	version:	3.0.5.0	Trust: 0.6
vendor:	netgear	model:	wn604	scope:	eq	version:	3.3.2	Trust: 0.6
vendor:	netgear	model:	wndap210v2	scope:	eq	version:	3.0.5.0	Trust: 0.6
vendor:	netgear	model:	wndap350	scope:	eq	version:	3.0.5.0	Trust: 0.6
vendor:	netgear	model:	wnd930	scope:	eq	version:	2.0.4	Trust: 0.6
vendor:	netgear	model:	wnap320	scope:	eq	version:	3.0.5.0	Trust: 0.6

sources: CNVD: CNVD-2016-01690 // JVNDB: JVNDB-2016-008524 // CNNVD: CNNVD-201604-395 // NVD: CVE-2016-1556

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1556
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-1556
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-01690
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201604-395
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-90375
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1556
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-01690
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-90375
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1556
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-01690 // VULHUB: VHN-90375 // JVNDB: JVNDB-2016-008524 // CNNVD: CNNVD-201604-395 // NVD: CVE-2016-1556

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-90375 // JVNDB: JVNDB-2016-008524 // NVD: CVE-2016-1556

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-395

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201604-395

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008524

PATCH

title:	CVE-2016-1556 - Notification	url:	https://kb.netgear.com/30481/CVE-2016-1556-Notification	Trust: 0.8
title:	Multiple Netgear Product information disclosure vulnerability repair measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61088	Trust: 0.6

sources: JVNDB: JVNDB-2016-008524 // CNNVD: CNNVD-201604-395

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1556	Trust: 3.1
db:	PACKETSTORM	id:	135956	Trust: 2.5
db:	JVNDB	id:	JVNDB-2016-008524	Trust: 0.8
db:	CNNVD	id:	CNNVD-201604-395	Trust: 0.7
db:	CNVD	id:	CNVD-2016-01690	Trust: 0.6
db:	VULDB	id:	81129	Trust: 0.6
db:	VULHUB	id:	VHN-90375	Trust: 0.1

sources: CNVD: CNVD-2016-01690 // VULHUB: VHN-90375 // JVNDB: JVNDB-2016-008524 // CNNVD: CNNVD-201604-395 // NVD: CVE-2016-1556

REFERENCES

url:	http://packetstormsecurity.com/files/135956/d-link-netgear-firmadyne-command-injection-buffer-overflow.html	Trust: 2.5
url:	http://seclists.org/fulldisclosure/2016/feb/112	Trust: 2.3
url:	https://kb.netgear.com/30481/cve-2016-1556-notification?cid=wmt_netgear_organic	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1556	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1556	Trust: 0.8
url:	http://vuldb.com/?id.81129	Trust: 0.6

sources: CNVD: CNVD-2016-01690 // VULHUB: VHN-90375 // JVNDB: JVNDB-2016-008524 // CNNVD: CNNVD-201604-395 // NVD: CVE-2016-1556

SOURCES

db:	CNVD	id:	CNVD-2016-01690
db:	VULHUB	id:	VHN-90375
db:	JVNDB	id:	JVNDB-2016-008524
db:	CNNVD	id:	CNNVD-201604-395
db:	NVD	id:	CVE-2016-1556

LAST UPDATE DATE

2024-11-23T21:54:09.508000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-01690	date:	2016-03-16T00:00:00
db:	VULHUB	id:	VHN-90375	date:	2017-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2016-008524	date:	2017-05-29T00:00:00
db:	CNNVD	id:	CNNVD-201604-395	date:	2017-04-24T00:00:00
db:	NVD	id:	CVE-2016-1556	date:	2024-11-21T02:46:37.960

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-01690	date:	2016-03-16T00:00:00
db:	VULHUB	id:	VHN-90375	date:	2017-04-21T00:00:00
db:	JVNDB	id:	JVNDB-2016-008524	date:	2017-05-29T00:00:00
db:	CNNVD	id:	CNNVD-201604-395	date:	2016-03-01T00:00:00
db:	NVD	id:	CVE-2016-1556	date:	2017-04-21T15:59:00.363