CVE-2016-10174
NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
6
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
Act
*SSVC
Descriptions
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
El router NETGEAR WNR2000v5 contiene un desbordamiento de búfer en el parámetro hidden_lang_avi al invocar a la URL /apply.cgi?/lang_check.html. Este desbordamiento de búfer puede ser explotado por un atacante no autenticado para lograr la ejecución remota de código.
Netgear WNR2000 suffers from a remote code execution vulnerability and various other security issues.
The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Act
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-12-21 CVE Published
- 2016-12-21 First Exploit
- 2017-01-29 CVE Reserved
- 2022-03-25 Exploited in Wild
- 2022-04-15 KEV Due Date
- 2025-02-04 CVE Updated
- 2025-03-27 EPSS Updated
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/95867 | Third Party Advisory | |
| https://seclists.org/fulldisclosure/2016/Dec/72 |
|
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/141806 | 2017-03-24 | |
| https://packetstorm.news/files/id/140235 | 2016-12-21 | |
| https://www.exploit-db.com/exploits/40949 | 2025-02-04 | |
| https://www.exploit-db.com/exploits/41719 | 2025-02-04 | |
| http://seclists.org/fulldisclosure/2016/Dec/72 | 2025-02-04 | |
| https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt | 2025-02-04 |
| URL | Date | SRC |
|---|---|---|
| http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability | 2016-12-20 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netgear Search vendor "Netgear" | Wnr2000v5 Firmware Search vendor "Netgear" for product "Wnr2000v5 Firmware" | <= 1.0.0.34 Search vendor "Netgear" for product "Wnr2000v5 Firmware" and version " <= 1.0.0.34" | - |
Affected
| in | Netgear Search vendor "Netgear" | Wnr2000v5 Search vendor "Netgear" for product "Wnr2000v5" | - | - |
Safe
|