CVE-2016-10174 - OpenCVE

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Netgear	Wnr2000v5 Wnr2000v5 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:netgear:wnr2000v5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2000v5:-:*:*:*:*:*:*:*

References

Link	Resource
http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability	Patch Vendor Advisory
http://seclists.org/fulldisclosure/2016/Dec/72	Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/95867	Third Party Advisory VDB Entry
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt	Exploit Technical Description Third Party Advisory
https://www.exploit-db.com/exploits/40949/
https://www.exploit-db.com/exploits/41719/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-01-30T04:24:00

Updated: 2017-09-02T09:57:01

Reserved: 2017-01-29T00:00:00

Link: CVE-2016-10174

JSON object: View

NVD Information

Status : Modified

Published: 2017-01-30T04:59:00.157

Modified: 2017-09-03T01:29:03.343

Link: CVE-2016-10174

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-01-29T00:00:00", "descriptions": [{"lang": "en", "value": "The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-02T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2016/Dec/72"}, {"tags": ["x_refsource_MISC"], "url": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt"}, {"name": "95867", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95867"}, {"name": "41719", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/41719/"}, {"tags": ["x_refsource_MISC"], "url": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability"}, {"name": "40949", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/40949/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10174", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://seclists.org/fulldisclosure/2016/Dec/72", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2016/Dec/72"}, {"name": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt", "refsource": "MISC", "url": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt"}, {"name": "95867", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95867"}, {"name": "41719", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/41719/"}, {"name": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability", "refsource": "MISC", "url": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability"}, {"name": "40949", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40949/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10174", "datePublished": "2017-01-30T04:24:00", "dateReserved": "2017-01-29T00:00:00", "dateUpdated": "2017-09-02T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"cisaActionDue": "2022-04-15", "cisaExploitAdd": "2022-03-25", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wnr2000v5_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B964474D-2095-49AF-A6D3-869E89682898", "versionEndIncluding": "1.0.0.34", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wnr2000v5:-:*:*:*:*:*:*:*", "matchCriteriaId": "671EC923-DC84-47D6-B943-0F7DA8168334", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution."}, {"lang": "es", "value": "El router NETGEAR WNR2000v5 contiene un desbordamiento de b\u00fafer en el par\u00e1metro hidden_lang_avi al invocar a la URL /apply.cgi?/lang_check.html. Este desbordamiento de b\u00fafer puede ser explotado por un atacante no autenticado para lograr la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2016-10174", "lastModified": "2017-09-03T01:29:03.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-30T04:59:00.157", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://seclists.org/fulldisclosure/2016/Dec/72"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95867"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/40949/"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/41719/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}