The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
References
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
Configuration 17 (hide)
| AND |
|
Configuration 18 (hide)
| AND |
|
Configuration 19 (hide)
| AND |
|
Configuration 20 (hide)
| AND |
|
Configuration 21 (hide)
| AND |
|
Configuration 22 (hide)
| AND |
|
Configuration 23 (hide)
| AND |
|
Configuration 24 (hide)
| AND |
|
Configuration 25 (hide)
| AND |
|
Configuration 26 (hide)
| AND |
|
Configuration 27 (hide)
| AND |
|
Configuration 28 (hide)
| AND |
|
History
27 Jan 2025, 19:46
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability - Vendor Advisory | |
| References | () https://www.exploit-db.com/exploits/40949/ - Exploit, Third Party Advisory, VDB Entry | |
| References | () https://www.exploit-db.com/exploits/41719/ - Exploit, Third Party Advisory, VDB Entry | |
| References | () http://www.securityfocus.com/bid/95867 - Broken Link, Third Party Advisory, VDB Entry | |
| References | () http://seclists.org/fulldisclosure/2016/Dec/72 - Exploit, Mailing List, Third Party Advisory, VDB Entry | |
| References | () https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt - Exploit, Technical Description, Third Party Advisory |
16 Jul 2024, 17:58
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Netgear r6100
Netgear r7500 Netgear r6220 Netgear wnr2500 Netgear wnr2020 Firmware Netgear jwnr2010v5 Firmware Netgear wndr4700 Netgear wnr1000v2 Netgear wnr2200 Firmware Netgear r6100 Firmware Netgear jwnr2010v5 Netgear wnr2050 Firmware Netgear wndr4700 Firmware Netgear wnr2000v4 Netgear wndr4300 Firmware Netgear wnr2020 Netgear wndr3800 Netgear r7500v2 Firmware Netgear d6100 Firmware Netgear wnr1000v2 Firmware Netgear wnr2000v3 Firmware Netgear jnr3300 Netgear wndr4500v3 Netgear wndr4500v3 Firmware Netgear d7800 Netgear wndr3700v4 Netgear wnr1000v4 Firmware Netgear wnr2000v4 Firmware Netgear wndr3800 Firmware Netgear jnr1010v2 Netgear wnr614 Firmware Netgear r7500v2 Netgear wnr618 Netgear r6220 Firmware Netgear d7000 Netgear wnr1000v4 Netgear wndr4300v2 Netgear wndr3700v4 Firmware Netgear wnr2050 Netgear d7800 Firmware Netgear wnr614 Netgear d7000 Firmware Netgear r2000 Netgear wnr2200 Netgear r2000 Firmware Netgear wnr2000v3 Netgear r7500 Firmware Netgear wndr4300v2 Firmware Netgear wnr2500 Firmware Netgear jnr3300 Firmware Netgear d6100 Netgear wnr618 Firmware Netgear wndr4300 Netgear jnr1010v2 Firmware |
|
| CPE | cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr2200_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr614_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wndr3700v4:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr618:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6100_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr2500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6220_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:d7000_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr614:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr618_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wndr4300v2_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr2000v4_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr2050_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wndr4500v3:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:jnr1010v2_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr2000v5_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr1000v2_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr2000v3:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr2000v4:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr2200:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wndr3800_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:jwnr2010v5_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr1000v2:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wndr3700v4_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:jnr3300_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wndr4700:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:d7800_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7500v2:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wndr4500v3_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:jnr3300:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wndr3800:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wndr4700_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:jwnr2010v5:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:d6100_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr2000v3_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wndr4300_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7500v2_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wndr4300v2:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:jnr1010v2:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr1000v4:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr2500:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr1000v4_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r2000_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr2020_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r2000:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:* |
|
| CWE | CWE-120 | |
| References | (MISC) http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability - Vendor Advisory | |
| References | (MISC) http://seclists.org/fulldisclosure/2016/Dec/72 - Exploit, Mailing List, Third Party Advisory, VDB Entry | |
| References | (BID) http://www.securityfocus.com/bid/95867 - Broken Link, Third Party Advisory, VDB Entry | |
| References | (EXPLOIT-DB) https://www.exploit-db.com/exploits/40949/ - Exploit, Third Party Advisory, VDB Entry | |
| References | (EXPLOIT-DB) https://www.exploit-db.com/exploits/41719/ - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2017-01-30 04:59
Updated : 2025-03-14 15:33
NVD link : CVE-2016-10174
Mitre link : CVE-2016-10174
JSON object : View
Products Affected
netgear
- wndr3700v4_firmware
- r7500v2
- wnr2000v4
- wndr4700
- wnr2500
- wnr618
- wnr614
- wndr4500v3
- jwnr2010v5_firmware
- wnr2200
- jwnr2010v5
- d7800
- wnr2050_firmware
- r7500
- wnr2200_firmware
- r6220
- wnr2020_firmware
- d7800_firmware
- d6100_firmware
- d7000_firmware
- r6220_firmware
- wndr4300
- wndr4500v3_firmware
- wnr2500_firmware
- d7000
- jnr3300_firmware
- jnr1010v2
- r2000_firmware
- jnr1010v2_firmware
- r6100
- jnr3300
- r2000
- r7500v2_firmware
- wnr2020
- wndr3700v4
- d6100
- wnr614_firmware
- wnr1000v2_firmware
- wnr1000v4_firmware
- r6100_firmware
- wnr1000v2
- wnr2000v4_firmware
- wndr4300v2_firmware
- wndr4300v2
- wnr1000v4
- wndr3800
- wndr4300_firmware
- wnr2000v5
- wnr2050
- wnr618_firmware
- wndr4700_firmware
- wnr2000v3
- r7500_firmware
- wndr3800_firmware
- wnr2000v5_firmware
- wnr2000v3_firmware
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')