Vulnerability CVE-2016-1555


Published: 2017-04-21

Description:
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.

See advisories in our WLB2 database:
Topic
Author
Date
High
Netgear Devices Unauthenticated Remote Command Execution (Metasploit)
Metasploit
28.11.2018

Type:

CWE-77

(Improper Neutralization of Special Elements used in a Command ('Command Injection'))

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Netgear -> Wndap210v2 firmware 
Netgear -> Wnap320 firmware 
Netgear -> Wndap350 firmware 
Netgear -> Wndap660 firmware 
Netgear -> Wn604 firmware 
Netgear -> Wndap360 firmware 
Netgear -> Wn802tv2 firmware 

 References:
http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html
http://seclists.org/fulldisclosure/2016/Feb/112
https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic
https://www.exploit-db.com/exploits/45909/

Copyright 2020, cxsecurity.com

 

Back to Top