CVE-2016-10174

Published: Jan 30, 2017Modified: Apr 21, 2026CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.

Affected (28)

Products: Netgear: D6100 Firmware, D7000 Firmware, D7800 Firmware, Jnr1010v2 Firmware, Jnr3300 Firmware, Jwnr2010v5 Firmware, R2000 Firmware, R6100 Firmware, R6220 Firmware, R7500 Firmware, R7500v2 Firmware, Wndr3700v4 Firmware, Wndr3800 Firmware, Wndr4300 Firmware, Wndr4300v2 Firmware, Wndr4500v3 Firmware, Wndr4700 Firmware, Wnr1000v2 Firmware, Wnr1000v4 Firmware, Wnr2000v3 Firmware, Wnr2000v4 Firmware, Wnr2000v5 Firmware, Wnr2020 Firmware, Wnr2050 Firmware, Wnr2200 Firmware, Wnr2500 Firmware, Wnr614 Firmware, Wnr618 Firmware

28 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D6100 Firmware	All versions

Running on/with	Platform Versions
Netgear D6100	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D7000 Firmware	All versions

Running on/with	Platform Versions
Netgear D7000	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D7800 Firmware	All versions

Running on/with	Platform Versions
Netgear D7800	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Jnr1010v2 Firmware	All versions

Running on/with	Platform Versions
Netgear Jnr1010v2	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Jnr3300 Firmware	All versions

Running on/with	Platform Versions
Netgear Jnr3300	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Jwnr2010v5 Firmware	All versions

Running on/with	Platform Versions
Netgear Jwnr2010v5	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R2000 Firmware	All versions

Running on/with	Platform Versions
Netgear R2000	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6100 Firmware	All versions

Running on/with	Platform Versions
Netgear R6100	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6220 Firmware	All versions

Running on/with	Platform Versions
Netgear R6220	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7500 Firmware	All versions

Running on/with	Platform Versions
Netgear R7500	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7500v2 Firmware	All versions

Running on/with	Platform Versions
Netgear R7500v2	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wndr3700v4 Firmware	All versions

Running on/with	Platform Versions
Netgear Wndr3700v4	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wndr3800 Firmware	All versions

Running on/with	Platform Versions
Netgear Wndr3800	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wndr4300 Firmware	All versions

Running on/with	Platform Versions
Netgear Wndr4300	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wndr4300v2 Firmware	All versions

Running on/with	Platform Versions
Netgear Wndr4300v2	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wndr4500v3 Firmware	All versions

Running on/with	Platform Versions
Netgear Wndr4500v3	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wndr4700 Firmware	All versions

Running on/with	Platform Versions
Netgear Wndr4700	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wnr1000v2 Firmware	All versions

Running on/with	Platform Versions
Netgear Wnr1000v2	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wnr1000v4 Firmware	All versions

Running on/with	Platform Versions
Netgear Wnr1000v4	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wnr2000v3 Firmware	All versions

Running on/with	Platform Versions
Netgear Wnr2000v3	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wnr2000v4 Firmware	All versions

Running on/with	Platform Versions
Netgear Wnr2000v4	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wnr2000v5 Firmware	All versions

Running on/with	Platform Versions
Netgear Wnr2000v5	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wnr2020 Firmware	All versions

Running on/with	Platform Versions
Netgear Wnr2020	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wnr2050 Firmware	All versions

Running on/with	Platform Versions
Netgear Wnr2050	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wnr2200 Firmware	All versions

Running on/with	Platform Versions
Netgear Wnr2200	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wnr2500 Firmware	All versions

Running on/with	Platform Versions
Netgear Wnr2500	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wnr614 Firmware	All versions

Running on/with	Platform Versions
Netgear Wnr614	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wnr618 Firmware	All versions

Running on/with	Platform Versions
Netgear Wnr618	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (13)

http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability

Source: cve@mitre.org

Vendor Advisory

http://seclists.org/fulldisclosure/2016/Dec/72

Source: cve@mitre.org

ExploitMailing ListThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/95867

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt

Source: cve@mitre.org

ExploitTechnical DescriptionThird Party Advisory

https://www.exploit-db.com/exploits/40949/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/41719/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability