CVE-2016-10175
Netgear WNR2000v5 - Remote Code Execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions.
El router NETGEAR WNR2000v5 filtra su número de serie cuando se realiza una petición a la URI /BRS_netgear_success.html. Este número de serie permite a un usuario obtener el nombre de usuario y contraseña del administrador, cuando se utiliza en combinación con la vulnerabilidad CVE-2016-10176 que permite restablecer las respuestas a las preguntas de recuperación de contraseña.
Netgear WNR2000 suffers from a remote code execution vulnerability and various other security issues.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-21 CVE Published
- 2017-01-29 CVE Reserved
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (7)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/40949 | 2024-08-06 | |
http://seclists.org/fulldisclosure/2016/Dec/72 | 2024-08-06 | |
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt | 2024-08-06 |
URL | Date | SRC |
---|---|---|
http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability | 2017-09-03 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Netgear Search vendor "Netgear" | Wnr2000v5 Firmware Search vendor "Netgear" for product "Wnr2000v5 Firmware" | <= 1.0.0.34 Search vendor "Netgear" for product "Wnr2000v5 Firmware" and version " <= 1.0.0.34" | - |
Affected
| in | Netgear Search vendor "Netgear" | Wnr2000v5 Search vendor "Netgear" for product "Wnr2000v5" | - | - |
Safe
|