Sign-up

ID

VAR-201704-0305


CVE

CVE-2016-1557


TITLE

plural Netgear Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2016-008489

DESCRIPTION

Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. Netgear WNAP320 , WNDAP350 ,and WNDAP360 Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Netgear is the world's leading enterprise network solution and advocate for digital home networking applications. There are information disclosure vulnerabilities in Netgear's various devices, and an attacker can exploit the vulnerability to obtain an administrator account and a wireless password. Security flaws exist in several Netgear products. The following products and versions are affected: Netgear WNAP320 prior to 3.5.5.0; WNDAP350 prior to 3.5.5.0; WNDAP360 prior to 3.5.5.0. Hello, We’d like to report several vulnerabilities in embedded devices developed by D-Link and Netgear, which were discovered using our FIRMADYNE framework for emulation and dynamic analysis of Linux-based embedded devices. For more information, refer to our academic paper and open-source release at https://github.com/firmadyne/firmadyne. Several Netgear devices include unauthenticated webpages that pass form input directly to the command-line, allowing for a command injection attack in `boardData102.php`, `boardData103.php`, `boardDataJP.php`, `boardDataNA.php`, and `boardDataWW.php`. This has been assigned CVE-2016-1555. Affected devices include: Netgear WN604 Netgear WN802Tv2 Netgear WNAP210 Netgear WNAP320 Netgear WNDAP350 Netgear WNDAP360 Several D-Link devices include a web server that is vulnerable to a buffer overflow while parsing the 'dlink_uid' cookie. The length of the value set in the cookie is obtained using strlen(), which is then passed to memcpy(), and the value is copied into a fixed-size buffer. This has been assigned CVE-2016-1558. Affected devices include: D-Link DAP-2310 D-Link DAP-2330 D-Link DAP-2360 D-Link DAP-2553 D-Link DAP-2660 D-Link DAP-2690 D-Link DAP-2695 Several Netgear devices include unauthenticated webpages that disclose the wireless WPS PIN, allowing for information disclosure. This has been assigned CVE-2016-1556. This has been assigned CVE-2016-1557 for Netgear devices, and CVE-2016-1559 for D-Link devices. Affected devices include: D-Link DAP-1353 D-Link DAP-2553 D-Link DAP-3520 Netgear WNAP320 Netgear WNDAP350 Netgear WNDAP360 We have not heard back from D-Link after contacting the vendor. Netgear will fix WN604 with firmware 3.3.3 by late February, but the tentative ETA for the remaining devices is mid-March. Thanks, Dominic

Trust: 2.34

sources: NVD: CVE-2016-1557 // JVNDB: JVNDB-2016-008489 // CNVD: CNVD-2016-01689 // VULHUB: VHN-90376 // PACKETSTORM: 135956

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-01689

AFFECTED PRODUCTS

vendor:netgearmodel:wndap360scope:lteversion:3.0.5.0

Trust: 1.0

vendor:netgearmodel:wnap320scope:lteversion:3.0.5.0

Trust: 1.0

vendor:netgearmodel:wndap350scope:lteversion:3.0.5.0

Trust: 1.0

vendor:net gearmodel:wnap320scope:ltversion:3.5.5.0

Trust: 0.8

vendor:net gearmodel:wndap350scope:ltversion:3.5.5.0

Trust: 0.8

vendor:net gearmodel:wndap360scope:ltversion:3.5.5.0

Trust: 0.8

vendor:netgearmodel:wnap320scope: - version: -

Trust: 0.6

vendor:netgearmodel:wndap350scope: - version: -

Trust: 0.6

vendor:netgearmodel:wndap360scope: - version: -

Trust: 0.6

vendor:netgearmodel:wndap360scope:eqversion:3.0.5.0

Trust: 0.6

vendor:netgearmodel:wndap350scope:eqversion:3.0.5.0

Trust: 0.6

vendor:netgearmodel:wnap320scope:eqversion:3.0.5.0

Trust: 0.6

sources: CNVD: CNVD-2016-01689 // JVNDB: JVNDB-2016-008489 // CNNVD: CNNVD-201604-393 // NVD: CVE-2016-1557

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1557
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-1557
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2016-01689
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201604-393
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90376
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1557
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-01689
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-90376
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1557
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-01689 // VULHUB: VHN-90376 // JVNDB: JVNDB-2016-008489 // CNNVD: CNNVD-201604-393 // NVD: CVE-2016-1557

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-90376 // JVNDB: JVNDB-2016-008489 // NVD: CVE-2016-1557

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-393

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201604-393

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008489

PATCH
title:CVE-2016-1557 - Notificationurl:https://kb.netgear.com/30482/CVE-2016-1557-Notification
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2016-008489

EXTERNAL IDS
db:NVDid:CVE-2016-1557
Trust: 3.2
db:PACKETSTORMid:135956
Trust: 2.6
db:JVNDBid:JVNDB-2016-008489
Trust: 0.8
db:CNNVDid:CNNVD-201604-393
Trust: 0.7
db:CNVDid:CNVD-2016-01689
Trust: 0.6
db:VULDBid:81131
Trust: 0.6
db:VULHUBid:VHN-90376
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-01689 // 
            
            
            
            VULHUB: VHN-90376 // 
            
            
            
            JVNDB: JVNDB-2016-008489 // 
            
            
            
            PACKETSTORM: 135956 // 
            
            
            
            CNNVD: CNNVD-201604-393 // 
            
            
            
            NVD: CVE-2016-1557

REFERENCES
url:http://packetstormsecurity.com/files/135956/d-link-netgear-firmadyne-command-injection-buffer-overflow.html
Trust: 2.5
url:http://seclists.org/fulldisclosure/2016/feb/112
Trust: 2.3
url:https://kb.netgear.com/30482/cve-2016-1557-notification?cid=wmt_netgear_organic
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2016-1557
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1557
Trust: 0.8
url:http://vuldb.com/?id.81131
Trust: 0.6
url:https://github.com/firmadyne/firmadyne.
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1559
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1555
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1558
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-01689 // 
            
            
            
            VULHUB: VHN-90376 // 
            
            
            
            JVNDB: JVNDB-2016-008489 // 
            
            
            
            PACKETSTORM: 135956 // 
            
            
            
            CNNVD: CNNVD-201604-393 // 
            
            
            
            NVD: CVE-2016-1557

CREDITS
Dominic Chen
Trust: 0.1
sources:
            
            
            PACKETSTORM: 135956

SOURCES
db:CNVDid:CNVD-2016-01689
db:VULHUBid:VHN-90376
db:JVNDBid:JVNDB-2016-008489
db:PACKETSTORMid:135956
db:CNNVDid:CNNVD-201604-393
db:NVDid:CVE-2016-1557

LAST UPDATE DATE
2024-11-23T21:54:09.613000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-01689date:2016-03-16T00:00:00
db:VULHUBid:VHN-90376date:2017-04-27T00:00:00
db:JVNDBid:JVNDB-2016-008489date:2017-05-24T00:00:00
db:CNNVDid:CNNVD-201604-393date:2017-04-24T00:00:00
db:NVDid:CVE-2016-1557date:2024-11-21T02:46:38.070

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-01689date:2016-03-16T00:00:00
db:VULHUBid:VHN-90376date:2017-04-21T00:00:00
db:JVNDBid:JVNDB-2016-008489date:2017-05-24T00:00:00
db:PACKETSTORMid:135956date:2016-02-26T17:22:22
db:CNNVDid:CNNVD-201604-393date:2016-03-01T00:00:00
db:NVDid:CVE-2016-1557date:2017-04-21T15:59:00.410