CVE-2016-10176 — CRITICAL (9.8)

Q: How severe is CVE-2016-10176?

CVE-2016-10176 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2016-10176?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Wnr2000V5 Firmware, Netgear Wnr2000V5.

Vulnerability Description

The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also contains another URL, apply_noauth.cgi, that allows an unauthenticated user to perform sensitive actions on the device. This functionality can be exploited to change the router settings (such as the answers to the password-recovery questions) and achieve remote code execution.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netgear	Wnr2000V5 Firmware	<= 1.0.0.34
Netgear	Wnr2000V5	-

Related Weaknesses (CWE)

CWE-20

References

http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-SecPatchVendor Advisory
http://seclists.org/fulldisclosure/2016/Dec/72ExploitThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/95867Third Party AdvisoryVDB Entry
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.tExploitTechnical DescriptionThird Party Advisory
https://www.exploit-db.com/exploits/40949/
http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-SecPatchVendor Advisory
http://seclists.org/fulldisclosure/2016/Dec/72ExploitThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/95867Third Party AdvisoryVDB Entry
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.tExploitTechnical DescriptionThird Party Advisory
https://www.exploit-db.com/exploits/40949/

FAQ

What is CVE-2016-10176?

CVE-2016-10176 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server ...

How severe is CVE-2016-10176?

CVE-2016-10176 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-10176?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Wnr2000V5 Firmware, Netgear Wnr2000V5.