CVE-2016-10174
In short
A NETGEAR router has a dangerous flaw where an attacker can send specially crafted data to crash the router or run malicious code without needing a password. This happens through a web parameter that doesn't properly check input size.
Technical detail
The WNR2000v5 router is vulnerable to unauthenticated buffer overflow via the hidden_lang_avi parameter in /apply.cgi?/lang_check.html, allowing remote code execution (CWE-120). Pre-condition: network access to the device's web interface. Impact: complete device compromise without authentication.
Summary generated and translated by AI from the official description.
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found — 4
cve_reference · www.exploit-db.com/exploits/40949/ · unverified
cve_reference · www.exploit-db.com/exploits/41719/ · unverified
exploitdb · www.exploit-db.com/exploits/40949 · unverified
exploitdb · www.exploit-db.com/exploits/41719 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability
http://seclists.org/fulldisclosure/2016/Dec/72
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-10174
https://www.exploit-db.com/exploits/40949/
https://www.exploit-db.com/exploits/41719/
http://www.securityfocus.com/bid/95867