CVE-2016-10176 : The NETGEAR WNR2000v5 router allows an administrator to perform sensitive action

The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also contains another URL, apply_noauth.cgi, that allows an unauthenticated user to perform sensitive actions on the device. This functionality can be exploited to change the router settings (such as the answers to the password-recovery questions) and achieve remote code execution.

Published 2017-01-30 04:59:00

Updated 2017-09-03 01:29:03

Source MITRE

View at NVD, CVE.org

Vulnerability category: Input validationExecute code

Products affected by CVE-2016-10176

Netgear » Wnr2000v5 Firmware
Versions up to, including, (<=) 1.0.0.34
cpe:2.3:o:netgear:wnr2000v5_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Wnr2000v5 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2016-10176

EPSS FAQ

2.68%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 90 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2016-10176

NETGEAR WNR2000v5 Administrator Password Recovery

Disclosure Date: 2016-12-20

First seen: 2020-04-26

auxiliary/admin/http/netgear_wnr2000_pass_recovery

The NETGEAR WNR2000 router has a vulnerability in the way it handles password recovery. This vulnerability can be exploited by an unauthenticated attacker who is able to guess the value of a certain timestamp which is in the configuration of the router. Brute

More information

CVSS scores for CVE-2016-10176

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-10176

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-10176

http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability

Insecure Remote Access and Command Execution Security Vulnerability, PSV-2016-0255 | Answer | NETGEAR Support
Patch;Vendor Advisory

CVEs referencing this url
https://www.exploit-db.com/exploits/40949/

NETGEAR WNR2000v5 - Remote Code Execution

CVEs referencing this url
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt

Exploit;Technical Description;Third Party Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2016/Dec/72

Full Disclosure: [0-day] RCE and admin credential disclosure in NETGEAR WNR2000
Exploit;Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.securityfocus.com/bid/95867

Netgear WNR2000 Multiple Security Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to