CVSS: 9.8EPSS: 23%CPEs: 6EXPL: 0CVE-2017-6862 – NETGEAR Multiple Devices Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2017-6862
NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261. Dispositivos NETGEAR WNR2000v3 anteriores a 1.1.2.14, WNR2000v4 anteriores a 1.0.0.42 permite rodear la autentificación y ejecutar código remoto mediante un buffer overflow que usa un parámetro en la administración de la aplicación. El ID del NETGEAR es PSV-2016-0261. Multiple NETGEAR devices contain a buffer overflow vulnerability that allows for authentication bypass and remote code execution. • http://www.securityfocus.com/bid/98740 https://kb.netgear.com/000038542/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-Some-Routers-PSV-2016-0261 https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_netgear_wnr2000v5_-_cve-2017-6862.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 10%CPEs: 2EXPL: 3CVE-2016-10175 – Netgear WNR2000v5 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-10175
The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions. El router NETGEAR WNR2000v5 filtra su número de serie cuando se realiza una petición a la URI /BRS_netgear_success.html. Este número de serie permite a un usuario obtener el nombre de usuario y contraseña del administrador, cuando se utiliza en combinación con la vulnerabilidad CVE-2016-10176 que permite restablecer las respuestas a las preguntas de recuperación de contraseña. Netgear WNR2000 suffers from a remote code execution vulnerability and various other security issues. • https://www.exploit-db.com/exploits/40949 http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability http://seclists.org/fulldisclosure/2016/Dec/72 http://www.securityfocus.com/bid/95867 https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 29%CPEs: 2EXPL: 3CVE-2016-10176 – Netgear WNR2000v5 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-10176
The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also contains another URL, apply_noauth.cgi, that allows an unauthenticated user to perform sensitive actions on the device. This functionality can be exploited to change the router settings (such as the answers to the password-recovery questions) and achieve remote code execution. El router NETGEAR WNR2000v5 permite a un administrador realizar acciones sensibles invocando a la URL apply.cgi en el servidor web del dispositivo. • https://www.exploit-db.com/exploits/40949 http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability http://seclists.org/fulldisclosure/2016/Dec/72 http://www.securityfocus.com/bid/95867 https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 97%CPEs: 2EXPL: 5CVE-2016-10174 – NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2016-10174
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution. El router NETGEAR WNR2000v5 contiene un desbordamiento de búfer en el parámetro hidden_lang_avi al invocar a la URL /apply.cgi?/lang_check.html. • https://www.exploit-db.com/exploits/40949 https://www.exploit-db.com/exploits/41719 http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability http://seclists.org/fulldisclosure/2016/Dec/72 http://www.securityfocus.com/bid/95867 https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt https://seclists.org/fulldisclosure/2016/Dec/72 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/netgear_w • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •