The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions.
Published 2017-01-30 04:59:00
Updated 2017-09-03 01:29:03
Source MITRE
View at NVD,   CVE.org
Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2016-10175

10.56%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2016-10175

  • NETGEAR WNR2000v5 Administrator Password Recovery
    Disclosure Date: 2016-12-20
    First seen: 2020-04-26
    auxiliary/admin/http/netgear_wnr2000_pass_recovery
    The NETGEAR WNR2000 router has a vulnerability in the way it handles password recovery. This vulnerability can be exploited by an unauthenticated attacker who is able to guess the value of a certain timestamp which is in the configuration of the router. Brute

CVSS scores for CVE-2016-10175

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
5.0
MEDIUM AV:N/AC:L/Au:N/C:P/I:N/A:N
10.0
2.9
NIST
9.8
CRITICAL CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
NIST

CWE ids for CVE-2016-10175

References for CVE-2016-10175

Products affected by CVE-2016-10175

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!