CVE-2016-1555 — CRITICAL (9.8)

Q: How severe is CVE-2016-1555?

CVE-2016-1555 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2016-1555?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Wnap320 Firmware, Netgear Wnap320, Netgear Wndap350 Firmware, Netgear Wndap350, Netgear Wndap360 Firmware.

Vulnerability Description

(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netgear	Wnap320 Firmware	<= 3.0.5.0
Netgear	Wnap320	-
Netgear	Wndap350 Firmware	<= 3.0.5.0
Netgear	Wndap350	-
Netgear	Wndap360 Firmware	<= 3.0.5.0
Netgear	Wndap360	-
Netgear	Wndap210V2 Firmware	<= 3.0.5.0
Netgear	Wndap210V2	-
Netgear	Wn604 Firmware	<= 3.3.2
Netgear	Wn604	-
Netgear	Wndap660 Firmware	<= 3.0.5.0
Netgear	Wndap660	-
Netgear	Wn802Tv2 Firmware	<= 3.0.5.0
Netgear	Wn802Tv2	-

Related Weaknesses (CWE)

CWE-77

References

http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-InjThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2016/Feb/112Mailing ListThird Party Advisory
https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organicPatchVendor Advisory
https://www.exploit-db.com/exploits/45909/ExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-InjThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2016/Feb/112Mailing ListThird Party Advisory
https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organicPatchVendor Advisory
https://www.exploit-db.com/exploits/45909/ExploitThird Party AdvisoryVDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-US Government Resource

FAQ

What is CVE-2016-1555?

CVE-2016-1555 is a vulnerability with a CVSS score of 9.8 (CRITICAL). (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WN...

How severe is CVE-2016-1555?

CVE-2016-1555 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-1555?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Wnap320 Firmware, Netgear Wnap320, Netgear Wndap350 Firmware, Netgear Wndap350, Netgear Wndap360 Firmware.