Details of VAR-202004-1260

ID

VAR-202004-1260

CVE

CVE-2016-11057

TITLE

plural NETGEAR Product authentication vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-014992

DESCRIPTION

Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06. plural NETGEAR The product contains an authentication vulnerability.Information may be obtained. NETGEAR JNR1010, etc. are all wireless routers from NETGEAR. There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to bypass security restrictions by repeatedly calling specific URL scripts and access the router setting interface. This affects JNR1010v2 prior to 2017-01-06, WNR614 prior to 2017-01-06, WNR618 prior to 2017-01-06, JWNR2000v5 prior to 2017-01-06, WNR2020 prior to 2017-01-06, JWNR2010v5 prior to 2017-01-06, WNR1000v4 prior to 2017-01-06, WNR2020v2 prior to 2017-01-06, R6220 prior to 2017-01-06, and WNDR3700v5 prior to 2017-01-06

Trust: 2.25

sources: NVD: CVE-2016-11057 // JVNDB: JVNDB-2017-014992 // CNVD: CNVD-2021-83565 // VULMON: CVE-2016-11057

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-83565

AFFECTED PRODUCTS

vendor:	netgear	model:	wnr614	scope:	lt	version:	2017-01-06	Trust: 1.6
vendor:	netgear	model:	wnr618	scope:	lt	version:	2017-01-06	Trust: 1.6
vendor:	netgear	model:	wnr2020	scope:	lt	version:	2017-01-06	Trust: 1.6
vendor:	netgear	model:	r6220	scope:	lt	version:	2017-01-06	Trust: 1.6
vendor:	netgear	model:	wnr1000	scope:	lt	version:	2017-01-06	Trust: 1.0
vendor:	netgear	model:	jwnr2010	scope:	lt	version:	2017-01-06	Trust: 1.0
vendor:	netgear	model:	wndr3700	scope:	lt	version:	2017-01-06	Trust: 1.0
vendor:	netgear	model:	jwnr2000	scope:	lt	version:	2017-01-06	Trust: 1.0
vendor:	netgear	model:	jnr1010	scope:	lt	version:	2017-01-06	Trust: 1.0
vendor:	netgear	model:	jnr1010	scope:	eq	version:	2017/01/06	Trust: 0.8
vendor:	netgear	model:	jwnr2000	scope:	eq	version:	2017/01/06	Trust: 0.8
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	2017/01/06	Trust: 0.8
vendor:	netgear	model:	r6220	scope:	eq	version:	2017/01/06	Trust: 0.8
vendor:	netgear	model:	wndr3700	scope:	eq	version:	2017/01/06	Trust: 0.8
vendor:	netgear	model:	wnr1000	scope:	eq	version:	2017/01/06	Trust: 0.8
vendor:	netgear	model:	wnr2020	scope:	eq	version:	2017/01/06	Trust: 0.8
vendor:	netgear	model:	wnr614	scope:	eq	version:	2017/01/06	Trust: 0.8
vendor:	netgear	model:	wnr618	scope:	eq	version:	2017/01/06	Trust: 0.8
vendor:	netgear	model:	dgn2200v4	scope:	lt	version:	2017-01-06	Trust: 0.6
vendor:	netgear	model:	jwnr2000v5	scope:	lt	version:	2017-01-06	Trust: 0.6
vendor:	netgear	model:	jwnr2010v5	scope:	lt	version:	2017-01-06	Trust: 0.6
vendor:	netgear	model:	wnr1000v4	scope:	lt	version:	2017-01-06	Trust: 0.6
vendor:	netgear	model:	wnr2020v2	scope:	lt	version:	2017-01-06	Trust: 0.6
vendor:	netgear	model:	wndr3700v5	scope:	lt	version:	2017-01-06	Trust: 0.6
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.0.0.32	Trust: 0.1
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.1.0.40	Trust: 0.1
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.1.0.42	Trust: 0.1
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.1.0.44	Trust: 0.1
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.1.0.46	Trust: 0.1
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.1.0.48	Trust: 0.1
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.1.0.50	Trust: 0.1
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.1.0.54	Trust: 0.1
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	1.1.0.40	Trust: 0.1
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	1.1.0.42	Trust: 0.1
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	1.1.0.44	Trust: 0.1
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	1.1.0.46	Trust: 0.1
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	1.1.0.48	Trust: 0.1
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	1.1.0.50	Trust: 0.1
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	1.1.0.54	Trust: 0.1
vendor:	netgear	model:	r6220	scope:	eq	version:	1.1.0.46	Trust: 0.1
vendor:	netgear	model:	r6220	scope:	eq	version:	1.1.0.50	Trust: 0.1
vendor:	netgear	model:	r6220	scope:	eq	version:	1.1.0.60	Trust: 0.1
vendor:	netgear	model:	r6220	scope:	eq	version:	1.1.0.64	Trust: 0.1
vendor:	netgear	model:	r6220	scope:	eq	version:	1.1.0.66	Trust: 0.1
vendor:	netgear	model:	r6220	scope:	eq	version:	1.1.0.68	Trust: 0.1
vendor:	netgear	model:	r6220	scope:	eq	version:	1.1.0.80	Trust: 0.1
vendor:	netgear	model:	r6220	scope:	eq	version:	1.1.0.86	Trust: 0.1
vendor:	netgear	model:	wndr3700	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	wndr3700	scope:	eq	version:	1.0.2.86	Trust: 0.1
vendor:	netgear	model:	wndr3700	scope:	eq	version:	1.0.2.88	Trust: 0.1
vendor:	netgear	model:	wndr3700	scope:	eq	version:	1.0.2.92	Trust: 0.1
vendor:	netgear	model:	wndr3700	scope:	eq	version:	1.0.2.94	Trust: 0.1
vendor:	netgear	model:	wndr3700	scope:	eq	version:	1.0.2.96	Trust: 0.1
vendor:	netgear	model:	wndr3700	scope:	eq	version:	1.1.0.46	Trust: 0.1
vendor:	netgear	model:	wndr3700	scope:	eq	version:	1.1.0.48	Trust: 0.1
vendor:	netgear	model:	wndr3700	scope:	eq	version:	1.1.0.50	Trust: 0.1
vendor:	netgear	model:	wndr3700	scope:	eq	version:	1.1.0.54	Trust: 0.1
vendor:	netgear	model:	wnr1000	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	wnr1000	scope:	eq	version:	1.1.0.40	Trust: 0.1
vendor:	netgear	model:	wnr1000	scope:	eq	version:	1.1.0.42	Trust: 0.1
vendor:	netgear	model:	wnr1000	scope:	eq	version:	1.1.0.44	Trust: 0.1
vendor:	netgear	model:	wnr1000	scope:	eq	version:	1.1.0.46	Trust: 0.1
vendor:	netgear	model:	wnr1000	scope:	eq	version:	1.1.0.48	Trust: 0.1
vendor:	netgear	model:	wnr1000	scope:	eq	version:	1.1.0.50	Trust: 0.1
vendor:	netgear	model:	wnr1000	scope:	eq	version:	1.1.0.54	Trust: 0.1
vendor:	netgear	model:	wnr2020	scope:	eq	version:	1.1.0.40	Trust: 0.1
vendor:	netgear	model:	wnr2020	scope:	eq	version:	1.1.0.42	Trust: 0.1
vendor:	netgear	model:	wnr2020	scope:	eq	version:	1.1.0.44	Trust: 0.1
vendor:	netgear	model:	wnr2020	scope:	eq	version:	1.1.0.46	Trust: 0.1
vendor:	netgear	model:	wnr2020	scope:	eq	version:	1.1.0.48	Trust: 0.1
vendor:	netgear	model:	wnr2020	scope:	eq	version:	1.1.0.50	Trust: 0.1
vendor:	netgear	model:	wnr2020	scope:	eq	version:	1.1.0.54	Trust: 0.1
vendor:	netgear	model:	wnr2020	scope:	eq	version:	1.1.0.62	Trust: 0.1
vendor:	netgear	model:	wnr614	scope:	eq	version:	1.1.0.40	Trust: 0.1
vendor:	netgear	model:	wnr614	scope:	eq	version:	1.1.0.54	Trust: 0.1
vendor:	netgear	model:	wnr618	scope:	eq	version:	1.1.0.40	Trust: 0.1

sources: CNVD: CNVD-2021-83565 // VULMON: CVE-2016-11057 // JVNDB: JVNDB-2017-014992 // NVD: CVE-2016-11057

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-11057
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2017-014992
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-83565
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-2300
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2016-11057
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-11057
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2017-014992
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-83565
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2016-11057
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2017-014992
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-83565 // VULMON: CVE-2016-11057 // JVNDB: JVNDB-2017-014992 // CNNVD: CNNVD-202004-2300 // NVD: CVE-2016-11057

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2017-014992 // NVD: CVE-2016-11057

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2300

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202004-2300

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014992

PATCH

title:	NETGEAR Product Vulnerability Advisory: Potential security issue associated with remote management	url:	https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associated-with-remote-management	Trust: 0.8
title:	Patch for Multiple NETGEAR product authorization issue vulnerabilities (CNVD-2021-83565)	url:	https://www.cnvd.org.cn/patchInfo/show/296286	Trust: 0.6
title:	Multiple NETGEAR Product Authorization Issue Vulnerability Fixing Measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117916	Trust: 0.6

sources: CNVD: CNVD-2021-83565 // JVNDB: JVNDB-2017-014992 // CNNVD: CNNVD-202004-2300

EXTERNAL IDS

db:	NVD	id:	CVE-2016-11057	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-014992	Trust: 0.8
db:	CNVD	id:	CNVD-2021-83565	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-2300	Trust: 0.6
db:	VULMON	id:	CVE-2016-11057	Trust: 0.1

sources: CNVD: CNVD-2021-83565 // VULMON: CVE-2016-11057 // JVNDB: JVNDB-2017-014992 // CNNVD: CNNVD-202004-2300 // NVD: CVE-2016-11057

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2016-11057	Trust: 2.0
url:	https://kb.netgear.com/29960/netgear-product-vulnerability-advisory-potential-security-issue-associated-with-remote-management	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-11057	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-83565 // VULMON: CVE-2016-11057 // JVNDB: JVNDB-2017-014992 // CNNVD: CNNVD-202004-2300 // NVD: CVE-2016-11057

SOURCES

db:	CNVD	id:	CNVD-2021-83565
db:	VULMON	id:	CVE-2016-11057
db:	JVNDB	id:	JVNDB-2017-014992
db:	CNNVD	id:	CNNVD-202004-2300
db:	NVD	id:	CVE-2016-11057

LAST UPDATE DATE

2024-11-23T23:04:25.257000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-83565	date:	2021-11-04T00:00:00
db:	VULMON	id:	CVE-2016-11057	date:	2020-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2017-014992	date:	2020-06-01T00:00:00
db:	CNNVD	id:	CNNVD-202004-2300	date:	2020-05-15T00:00:00
db:	NVD	id:	CVE-2016-11057	date:	2024-11-21T02:45:23.920

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-83565	date:	2020-04-29T00:00:00
db:	VULMON	id:	CVE-2016-11057	date:	2020-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2017-014992	date:	2020-06-01T00:00:00
db:	CNNVD	id:	CNNVD-202004-2300	date:	2020-04-28T00:00:00
db:	NVD	id:	CVE-2016-11057	date:	2020-04-28T17:15:12.353