Vulnerability Details CVE-2016-1555
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.942
EPSS Ranking 99.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Proposed Action
Multiple NETGEAR Wireless Access Point devices allows unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2016/Feb/112
- https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic
- https://www.exploit-db.com/exploits/45909/
- http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2016/Feb/112
- https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic
- https://www.exploit-db.com/exploits/45909/
Products affected by CVE-2016-1555
-
cpe:2.3:h:netgear:wn604:-
-
cpe:2.3:h:netgear:wn802tv2:-
-
cpe:2.3:h:netgear:wnap320:-
-
cpe:2.3:h:netgear:wndap210v2:-
-
cpe:2.3:h:netgear:wndap350:-
-
cpe:2.3:h:netgear:wndap360:-
-
cpe:2.3:h:netgear:wndap660:-
-
cpe:2.3:o:netgear:wn604_firmware:3.3.2
-
cpe:2.3:o:netgear:wn802tv2_firmware:3.0.5.0
-
cpe:2.3:o:netgear:wnap320_firmware:2.0
-
cpe:2.3:o:netgear:wnap320_firmware:2.0.3
-
cpe:2.3:o:netgear:wnap320_firmware:2.1.1
-
cpe:2.3:o:netgear:wnap320_firmware:2.1.5
-
cpe:2.3:o:netgear:wnap320_firmware:2.1.6
-
cpe:2.3:o:netgear:wnap320_firmware:3.0.0.7
-
cpe:2.3:o:netgear:wnap320_firmware:3.0.4.0
-
cpe:2.3:o:netgear:wnap320_firmware:3.0.5.0
-
cpe:2.3:o:netgear:wndap210v2_firmware:3.0.5.0
-
cpe:2.3:o:netgear:wndap350_firmware:3.0.5.0
-
cpe:2.3:o:netgear:wndap360_firmware:3.0.5.0
-
cpe:2.3:o:netgear:wndap660_firmware:3.0.5.0