Vulnerabilites related to netgear - wndap210v2_firmware
cve-2016-1556
Vulnerability from cvelistv5
Published
2017-04-21 15:00
Modified
2024-08-05 23:02
Severity ?
EPSS score ?
Summary
Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.netgear.com/30481/CVE-2016-1556-Notification?cid=wmt_netgear_organic | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2016/Feb/112 | mailing-list, x_refsource_FULLDISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:02:12.003Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/30481/CVE-2016-1556-Notification?cid=wmt_netgear_organic", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html", }, { name: "20160225 D-Link, Netgear Router Vulnerabiltiies", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2016/Feb/112", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-24T00:00:00", descriptions: [ { lang: "en", value: "Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-04-21T14:57:01", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/30481/CVE-2016-1556-Notification?cid=wmt_netgear_organic", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html", }, { name: "20160225 D-Link, Netgear Router Vulnerabiltiies", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2016/Feb/112", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cert@cert.org", ID: "CVE-2016-1556", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/30481/CVE-2016-1556-Notification?cid=wmt_netgear_organic", refsource: "CONFIRM", url: "https://kb.netgear.com/30481/CVE-2016-1556-Notification?cid=wmt_netgear_organic", }, { name: "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html", }, { name: "20160225 D-Link, Netgear Router Vulnerabiltiies", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2016/Feb/112", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2016-1556", datePublished: "2017-04-21T15:00:00", dateReserved: "2016-01-07T00:00:00", dateUpdated: "2024-08-05T23:02:12.003Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-1555
Vulnerability from cvelistv5
Published
2017-04-21 15:00
Modified
2025-02-07 13:17
Severity ?
EPSS score ?
Summary
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/45909/ | exploit, x_refsource_EXPLOIT-DB | |
| http://seclists.org/fulldisclosure/2016/Feb/112 | mailing-list, x_refsource_FULLDISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:02:12.167Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html", }, { name: "45909", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/45909/", }, { name: "20160225 D-Link, Netgear Router Vulnerabiltiies", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2016/Feb/112", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2016-1555", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-07T13:10:18.350058Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-03-25", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-1555", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-07T13:17:23.485Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-24T00:00:00.000Z", descriptions: [ { lang: "en", value: "(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-01T10:57:01.000Z", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html", }, { name: "45909", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/45909/", }, { name: "20160225 D-Link, Netgear Router Vulnerabiltiies", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2016/Feb/112", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cert@cert.org", ID: "CVE-2016-1555", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic", refsource: "CONFIRM", url: "https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic", }, { name: "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html", }, { name: "45909", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/45909/", }, { name: "20160225 D-Link, Netgear Router Vulnerabiltiies", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2016/Feb/112", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2016-1555", datePublished: "2017-04-21T15:00:00.000Z", dateReserved: "2016-01-07T00:00:00.000Z", dateUpdated: "2025-02-07T13:17:23.485Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2017-04-21 15:59
Modified
2025-02-19 19:45
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wnap320_firmware | * | |
| netgear | wnap320 | - | |
| netgear | wndap350_firmware | * | |
| netgear | wndap350 | - | |
| netgear | wndap360_firmware | * | |
| netgear | wndap360 | - | |
| netgear | wndap210v2_firmware | * | |
| netgear | wndap210v2 | - | |
| netgear | wn604_firmware | * | |
| netgear | wn604 | - | |
| netgear | wndap660_firmware | * | |
| netgear | wndap660 | - | |
| netgear | wn802tv2_firmware | * | |
| netgear | wn802tv2 | - |
{ cisaActionDue: "2022-04-15", cisaExploitAdd: "2022-03-25", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "NETGEAR Multiple WAP Devices Command Injection Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CBCE4D2F-5A11-4043-8F3E-4C10D155A6ED", versionEndIncluding: "3.0.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*", matchCriteriaId: "5E2613E9-CAF9-4C04-85BC-E10BDF4B0E74", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CB422D25-D72D-445B-869D-4A5FBF285357", versionEndIncluding: "3.0.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*", matchCriteriaId: "C82A16C2-DC48-4792-A4C7-8AC43F84196D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FA1E8F1E-AB78-4C4B-BE0B-AE17E4636077", versionEndIncluding: "3.0.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*", matchCriteriaId: "7975D6EC-1816-4D52-8C87-77C1B6404120", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndap210v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9801E95C-9464-4594-B4E8-6F227C597C27", versionEndIncluding: "3.0.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndap210v2:-:*:*:*:*:*:*:*", matchCriteriaId: "5D1AD5A1-5212-4C0A-88BB-F34314F9C037", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8CA9CFC3-D7D5-4538-AA31-9C4504E5AFA7", versionEndIncluding: "3.3.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*", matchCriteriaId: "CD31DCAA-BAA5-4463-9EA4-A7076A625407", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "99E67C3D-8907-4A96-BBAA-128959DB3962", versionEndIncluding: "3.0.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*", matchCriteriaId: "58D2492E-0CDC-4242-9206-7F0453B11CBD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn802tv2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "169F7661-BB39-4188-A26E-9791FCE1DA6B", versionEndIncluding: "3.0.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn802tv2:-:*:*:*:*:*:*:*", matchCriteriaId: "05B05670-CC01-4F53-B1A7-83FE3AFBA12E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.", }, { lang: "es", value: "(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, y (5) boardDataWW.php en Netgear WN604 en versiones anteriores a 3.3.3 y WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360 y WNDAP660 en versiones anteriores a 3.5.5.0 permite a atacantes remotos ejecutar comandos arbitrarios.", }, ], id: "CVE-2016-1555", lastModified: "2025-02-19T19:45:56.310", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2017-04-21T15:59:00.333", references: [ { source: "cret@cert.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html", }, { source: "cret@cert.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2016/Feb/112", }, { source: "cret@cert.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic", }, { source: "cret@cert.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/45909/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2016/Feb/112", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/45909/", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-21 15:59
Modified
2024-11-21 02:46
Severity ?
Summary
Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html | Third Party Advisory, VDB Entry | |
| cret@cert.org | http://seclists.org/fulldisclosure/2016/Feb/112 | Mailing List, Third Party Advisory | |
| cret@cert.org | https://kb.netgear.com/30481/CVE-2016-1556-Notification?cid=wmt_netgear_organic | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2016/Feb/112 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.netgear.com/30481/CVE-2016-1556-Notification?cid=wmt_netgear_organic | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | wnap320_firmware | * | |
| netgear | wnap320 | - | |
| netgear | wndap350_firmware | * | |
| netgear | wndap350 | - | |
| netgear | wndap360_firmware | * | |
| netgear | wndap360 | - | |
| netgear | wndap210v2_firmware | * | |
| netgear | wndap210v2 | - | |
| netgear | wn604_firmware | * | |
| netgear | wn604 | - | |
| netgear | wnd930_firmware | * | |
| netgear | wnd930 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CBCE4D2F-5A11-4043-8F3E-4C10D155A6ED", versionEndIncluding: "3.0.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*", matchCriteriaId: "5E2613E9-CAF9-4C04-85BC-E10BDF4B0E74", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CB422D25-D72D-445B-869D-4A5FBF285357", versionEndIncluding: "3.0.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*", matchCriteriaId: "C82A16C2-DC48-4792-A4C7-8AC43F84196D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FA1E8F1E-AB78-4C4B-BE0B-AE17E4636077", versionEndIncluding: "3.0.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*", matchCriteriaId: "7975D6EC-1816-4D52-8C87-77C1B6404120", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndap210v2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9801E95C-9464-4594-B4E8-6F227C597C27", versionEndIncluding: "3.0.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndap210v2:-:*:*:*:*:*:*:*", matchCriteriaId: "5D1AD5A1-5212-4C0A-88BB-F34314F9C037", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8CA9CFC3-D7D5-4538-AA31-9C4504E5AFA7", versionEndIncluding: "3.3.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*", matchCriteriaId: "CD31DCAA-BAA5-4463-9EA4-A7076A625407", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnd930_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B71DF419-B28F-4B6A-8404-420326DFC2BE", versionEndIncluding: "2.0.4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnd930:-:*:*:*:*:*:*:*", matchCriteriaId: "91593610-E45D-450B-AD40-74375DA37EF6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages.", }, { lang: "es", value: "Divulgación de información en Netgear WN604 en versiones anteriores a 3.3.3; WNAP210, WNAP320, WNDAP350 y WNDAP360 en versiones anteriores a 3.5.5.0; y WND930 en versiones anteriores a 2.0.11 permite a los atacantes remotos leer el PIN o frase de acceso WPS inalámbrico visitando páginas web no autenticadas.", }, ], id: "CVE-2016-1556", lastModified: "2024-11-21T02:46:37.960", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-21T15:59:00.363", references: [ { source: "cret@cert.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html", }, { source: "cret@cert.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2016/Feb/112", }, { source: "cret@cert.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/30481/CVE-2016-1556-Notification?cid=wmt_netgear_organic", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2016/Feb/112", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://kb.netgear.com/30481/CVE-2016-1556-Notification?cid=wmt_netgear_organic", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }