The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
References
| Link | Resource |
|---|---|
| http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability | Vendor Advisory |
| http://seclists.org/fulldisclosure/2016/Dec/72 | Exploit Mailing List Third Party Advisory VDB Entry |
| http://www.securityfocus.com/bid/95867 | Broken Link Third Party Advisory VDB Entry |
| https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt | Exploit Technical Description Third Party Advisory |
| https://www.exploit-db.com/exploits/40949/ | Exploit Third Party Advisory VDB Entry |
| https://www.exploit-db.com/exploits/41719/ | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
Configuration 17 (hide)
| AND |
|
Configuration 18 (hide)
| AND |
|
Configuration 19 (hide)
| AND |
|
Configuration 20 (hide)
| AND |
|
Configuration 21 (hide)
| AND |
|
Configuration 22 (hide)
| AND |
|
Configuration 23 (hide)
| AND |
|
Configuration 24 (hide)
| AND |
|
Configuration 25 (hide)
| AND |
|
Configuration 26 (hide)
| AND |
|
Configuration 27 (hide)
| AND |
|
Configuration 28 (hide)
| AND |
|
History
16 Jul 2024, 17:58
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Netgear wnr2000v3 Firmware
Netgear wnr1000v4 Firmware Netgear jnr1010v2 Netgear jnr3300 Netgear d7000 Netgear wnr2500 Netgear wnr1000v2 Firmware Netgear d6100 Firmware Netgear r7500v2 Netgear wnr2000v4 Netgear wnr614 Netgear jnr3300 Firmware Netgear r6220 Netgear wndr3800 Firmware Netgear d7800 Netgear wnr2000v3 Netgear jwnr2010v5 Firmware Netgear wnr1000v2 Netgear jwnr2010v5 Netgear wnr2050 Netgear wnr2200 Firmware Netgear wnr2000v4 Firmware Netgear wndr4300v2 Firmware Netgear wndr4700 Firmware Netgear r7500v2 Firmware Netgear wndr4500v3 Netgear wnr618 Netgear wndr4700 Netgear r2000 Netgear wnr2020 Firmware Netgear d7000 Firmware Netgear wndr4500v3 Firmware Netgear wnr2020 Netgear wnr618 Firmware Netgear r7500 Netgear wnr2050 Firmware Netgear jnr1010v2 Firmware Netgear wnr2500 Firmware Netgear wndr4300v2 Netgear wndr3800 Netgear wndr3700v4 Firmware Netgear r6100 Netgear r7500 Firmware Netgear wndr3700v4 Netgear wndr4300 Netgear r6100 Firmware Netgear wndr4300 Firmware Netgear wnr1000v4 Netgear wnr614 Firmware Netgear d7800 Firmware Netgear wnr2200 Netgear r6220 Firmware Netgear d6100 Netgear r2000 Firmware |
|
| CWE | CWE-120 | |
| CPE | cpe:2.3:h:netgear:wndr3800:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7500v2:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr2000v3_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr2000v4:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wndr4300_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr2000v4_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:jwnr2010v5:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr1000v4:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7500_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr2200_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr2500:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wndr4300v2_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6220_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wndr4700:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr2500_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:jnr3300:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wndr4500v3:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr1000v2:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:d7800_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr1000v2_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7500v2_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:d7000_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r2000:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr614_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr1000v4_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wndr3700v4:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wndr4500v3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r2000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6100_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr618_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr2050_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:jwnr2010v5_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr2020_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:jnr1010v2:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wndr3800_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wndr4300v2:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr2000v3:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wndr4700_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:jnr1010v2_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:jnr3300_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr614:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:d6100_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wndr3700v4_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr2200:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr2000v5_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr618:-:*:*:*:*:*:*:* |
|
| References | () http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability - Vendor Advisory | |
| References | () http://seclists.org/fulldisclosure/2016/Dec/72 - Exploit, Mailing List, Third Party Advisory, VDB Entry | |
| References | () http://www.securityfocus.com/bid/95867 - Broken Link, Third Party Advisory, VDB Entry | |
| References | () https://www.exploit-db.com/exploits/40949/ - Exploit, Third Party Advisory, VDB Entry | |
| References | () https://www.exploit-db.com/exploits/41719/ - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2017-01-30 04:59
Updated : 2024-07-16 17:58
NVD link : CVE-2016-10174
Mitre link : CVE-2016-10174
CVE.ORG link : CVE-2016-10174
JSON object : View
Products Affected
netgear
- wndr4300v2
- jnr1010v2_firmware
- wndr4300_firmware
- d7000
- d7000_firmware
- jnr3300
- r2000
- jnr1010v2
- r7500v2
- wnr2000v4_firmware
- d7800_firmware
- wnr2000v4
- wnr2000v3
- wnr2000v5_firmware
- wndr3800_firmware
- wnr618_firmware
- wnr1000v2
- wnr618
- r2000_firmware
- wnr1000v4
- d6100_firmware
- wnr2000v3_firmware
- r6220_firmware
- wnr2050
- jnr3300_firmware
- wndr4300v2_firmware
- wnr1000v4_firmware
- wnr614
- r7500
- wnr2050_firmware
- wndr4300
- wnr2200_firmware
- d6100
- r6220
- wnr2200
- wnr1000v2_firmware
- wndr4700_firmware
- jwnr2010v5_firmware
- wnr2000v5
- jwnr2010v5
- d7800
- wnr2020_firmware
- r6100_firmware
- wndr3800
- wndr4500v3_firmware
- wndr4500v3
- wndr4700
- wndr3700v4
- wndr3700v4_firmware
- wnr2500_firmware
- wnr2020
- r7500_firmware
- r7500v2_firmware
- wnr2500
- wnr614_firmware
- r6100
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')