var-201701-0162
Vulnerability from variot
The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions. NETGEARWNR2000v5router is a popular router device. Netgear WNR2000 is prone to the following vulnerabilities: 1. An authentication-bypass vulnerability 2. An information disclosure vulnerability 3. A stack-buffer overflow vulnerability An attacker may leverage this issue to bypass the authentication mechanism and perform unauthorized actions, obtain sensitive information, or execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Netgear WNR2000 firmware version 5 is affected; other versions may also be affected. A security vulnerability exists in the NETGEAR WNR2000v5 router
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201701-0162", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "wnr2000v5", "scope": null, "trust": 1.6, "vendor": "net gear", "version": null }, { "model": "wnr2000v5", "scope": "lte", "trust": 1.0, "vendor": "netgear", "version": "1.0.0.34" }, { "model": "wnr2000", "scope": "eq", "trust": 0.9, "vendor": "netgear", "version": "5" }, { "model": "wnr2000v5", "scope": "eq", "trust": 0.6, "vendor": "netgear", "version": "1.0.0.34" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-01202" }, { "db": "BID", "id": "95867" }, { "db": "JVNDB", "id": "JVNDB-2016-007708" }, { "db": "NVD", "id": "CVE-2016-10175" }, { "db": "CNNVD", "id": "CNNVD-201702-104" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netgear:wnr2000v5_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.0.34", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netgear:wnr2000v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-10175" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Pedro Ribeiro.", "sources": [ { "db": "BID", "id": "95867" } ], "trust": 0.3 }, "cve": "CVE-2016-10175", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-10175", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-01202", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-88925", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2016-10175", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-10175", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2017-01202", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201702-104", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-88925", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-10175", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-01202" }, { "db": "VULHUB", "id": "VHN-88925" }, { "db": "VULMON", "id": "CVE-2016-10175" }, { "db": "JVNDB", "id": "JVNDB-2016-007708" }, { "db": "NVD", "id": "CVE-2016-10175" }, { "db": "CNNVD", "id": "CNNVD-201702-104" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions. NETGEARWNR2000v5router is a popular router device. Netgear WNR2000 is prone to the following vulnerabilities:\n1. An authentication-bypass vulnerability\n2. An information disclosure vulnerability\n3. A stack-buffer overflow vulnerability\nAn attacker may leverage this issue to bypass the authentication mechanism and perform unauthorized actions, obtain sensitive information, or execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. \nNetgear WNR2000 firmware version 5 is affected; other versions may also be affected. A security vulnerability exists in the NETGEAR WNR2000v5 router", "sources": [ { "db": "NVD", "id": "CVE-2016-10175" }, { "db": "JVNDB", "id": "JVNDB-2016-007708" }, { "db": "CNVD", "id": "CNVD-2017-01202" }, { "db": "BID", "id": "95867" }, { "db": "VULHUB", "id": "VHN-88925" }, { "db": "VULMON", "id": "CVE-2016-10175" } ], "trust": 2.61 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-88925", "trust": 0.1, "type": "unknown" }, { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=40949", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULHUB", "id": "VHN-88925" }, { "db": "VULMON", "id": "CVE-2016-10175" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-10175", "trust": 3.5 }, { "db": "BID", "id": "95867", "trust": 2.7 }, { "db": "EXPLOIT-DB", "id": "40949", "trust": 1.2 }, { "db": "JVNDB", "id": "JVNDB-2016-007708", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201702-104", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2017-01202", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "140235", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-88925", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-10175", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-01202" }, { "db": "VULHUB", "id": "VHN-88925" }, { "db": "VULMON", "id": "CVE-2016-10175" }, { "db": "BID", "id": "95867" }, { "db": "JVNDB", "id": "JVNDB-2016-007708" }, { "db": "NVD", "id": "CVE-2016-10175" }, { "db": "CNNVD", "id": "CNNVD-201702-104" } ] }, "id": "VAR-201701-0162", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2017-01202" }, { "db": "VULHUB", "id": "VHN-88925" } ], "trust": 1.5116521 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-01202" } ] }, "last_update_date": "2023-12-18T12:37:38.971000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Insecure Remote Access and Command Execution Security Vulnerability, PSV-2016-0255", "trust": 0.8, "url": "http://kb.netgear.com/000036549/insecure-remote-access-and-command-execution-security-vulnerability" }, { "title": "NETGEARWNR2000v5router information disclosure vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/89177" }, { "title": "NETGEAR WNR2000v5 Repair measures for router security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67475" }, { "title": "BleepingComputer", "trust": 0.1, "url": "https://www.bleepingcomputer.com/news/security/zyxel-and-netgear-fail-to-patch-seven-security-flaws-affecting-their-routers/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-01202" }, { "db": "VULMON", "id": "CVE-2016-10175" }, { "db": "JVNDB", "id": "JVNDB-2016-007708" }, { "db": "CNNVD", "id": "CNNVD-201702-104" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88925" }, { "db": "JVNDB", "id": "JVNDB-2016-007708" }, { "db": "NVD", "id": "CVE-2016-10175" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://raw.githubusercontent.com/pedrib/poc/master/advisories/netgear-wnr2000.txt" }, { "trust": 2.4, "url": "http://kb.netgear.com/000036549/insecure-remote-access-and-command-execution-security-vulnerability" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/95867" }, { "trust": 1.8, "url": "http://seclists.org/fulldisclosure/2016/dec/72" }, { "trust": 1.3, "url": "https://www.exploit-db.com/exploits/40949/" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10175" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-10175" }, { "trust": 0.3, "url": "http://www.netgear.com" }, { "trust": 0.3, "url": "http://seclists.org/fulldisclosure/2017/jan/88" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/200.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.rapid7.com/db/modules/auxiliary/admin/http/netgear_wnr2000_pass_recovery" }, { "trust": 0.1, "url": "https://www.bleepingcomputer.com/news/security/zyxel-and-netgear-fail-to-patch-seven-security-flaws-affecting-their-routers/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-01202" }, { "db": "VULHUB", "id": "VHN-88925" }, { "db": "VULMON", "id": "CVE-2016-10175" }, { "db": "BID", "id": "95867" }, { "db": "JVNDB", "id": "JVNDB-2016-007708" }, { "db": "NVD", "id": "CVE-2016-10175" }, { "db": "CNNVD", "id": "CNNVD-201702-104" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2017-01202" }, { "db": "VULHUB", "id": "VHN-88925" }, { "db": "VULMON", "id": "CVE-2016-10175" }, { "db": "BID", "id": "95867" }, { "db": "JVNDB", "id": "JVNDB-2016-007708" }, { "db": "NVD", "id": "CVE-2016-10175" }, { "db": "CNNVD", "id": "CNNVD-201702-104" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-02-10T00:00:00", "db": "CNVD", "id": "CNVD-2017-01202" }, { "date": "2017-01-30T00:00:00", "db": "VULHUB", "id": "VHN-88925" }, { "date": "2017-01-30T00:00:00", "db": "VULMON", "id": "CVE-2016-10175" }, { "date": "2017-01-30T00:00:00", "db": "BID", "id": "95867" }, { "date": "2017-03-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-007708" }, { "date": "2017-01-30T04:59:00.203000", "db": "NVD", "id": "CVE-2016-10175" }, { "date": "2017-01-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201702-104" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-02-10T00:00:00", "db": "CNVD", "id": "CNVD-2017-01202" }, { "date": "2017-09-03T00:00:00", "db": "VULHUB", "id": "VHN-88925" }, { "date": "2017-09-03T00:00:00", "db": "VULMON", "id": "CVE-2016-10175" }, { "date": "2017-02-02T01:03:00", "db": "BID", "id": "95867" }, { "date": "2017-03-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-007708" }, { "date": "2017-09-03T01:29:03.390000", "db": "NVD", "id": "CVE-2016-10175" }, { "date": "2017-02-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201702-104" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201702-104" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NETGEAR WNR2000v5 Vulnerability to leak serial number in router", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-007708" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201702-104" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.