Vulnerability Description
NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | Prosafe WC9500 Firmware | 5.1.0.17 |
| Netgear | Prosafe WC9500 | - |
| Netgear | Prosafe WC7600 Firmware | 5.1.0.17 |
| Netgear | Prosafe WC7600 | - |
| Netgear | Prosafe WC7520 Firmware | 2.5.0.35 |
| Netgear | Prosafe WC7520 | - |
References
- http://firmware.re/vulns/acsa-2015-002.php (Exploit, Third Party Advisory)
- https://github.com/threat9/routersploit/blob/master/routersploit/modules/exploit (Exploit, Third Party Advisory)
- https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireles (Third Party Advisory)
FAQ
What is CVE-2016-11022?
CVE-2016-11022 is a vulnerability with a CVSS score of 7.2 (HIGH). NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_...
How severe is CVE-2016-11022?
CVE-2016-11022 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-11022?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear Prosafe Wc9500 Firmware, Netgear Prosafe Wc9500, Netgear Prosafe Wc7600 Firmware, Netgear Prosafe Wc7600, Netgear Prosafe Wc7520 Firmware.