Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2016-10174
HistoryJan 30, 2017 - 4:59 a.m.

CVE-2016-10174

2017-01-3004:59:00
CWE-120
mitre
web.nvd.nist.gov
841
In Wild
cve-2016-10174
netgear
wnr2000v5
router
buffer overflow
hidden_lang_avi
remote code execution
nvd

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.972

Percentile

99.8%

JSON

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.

Affected configurations

Nvd
Node
netgeard6100_firmwareMatch-
AND
netgeard6100Match-
Node
netgeard7000_firmwareMatch-
AND
netgeard7000Match-
Node
netgeard7800_firmwareMatch-
AND
netgeard7800Match-
Node
netgearjnr1010v2_firmwareMatch-
AND
netgearjnr1010v2Match-
Node
netgearjnr3300_firmwareMatch-
AND
netgearjnr3300Match-
Node
netgearjwnr2010v5_firmwareMatch-
AND
netgearjwnr2010v5Match-
Node
netgearr2000_firmwareMatch-
AND
netgearr2000Match-
Node
netgearr6100_firmwareMatch-
AND
netgearr6100Match-
Node
netgearr6220_firmwareMatch-
AND
netgearr6220Match-
Node
netgearr7500_firmwareMatch-
AND
netgearr7500Match-
Node
netgearr7500v2_firmwareMatch-
AND
netgearr7500v2Match-
Node
netgearwndr3700v4_firmwareMatch-
AND
netgearwndr3700v4Match-
Node
netgearwndr3800_firmwareMatch-
AND
netgearwndr3800Match-
Node
netgearwndr4300_firmwareMatch-
AND
netgearwndr4300Match-
Node
netgearwndr4300v2_firmwareMatch-
AND
netgearwndr4300v2Match-
Node
netgearwndr4500v3_firmwareMatch-
AND
netgearwndr4500v3Match-
Node
netgearwndr4700_firmwareMatch-
AND
netgearwndr4700Match-
Node
netgearwnr1000v2_firmwareMatch-
AND
netgearwnr1000v2Match-
Node
netgearwnr1000v4_firmwareMatch-
AND
netgearwnr1000v4Match-
Node
netgearwnr2000v3_firmwareMatch-
AND
netgearwnr2000v3Match-
Node
netgearwnr2000v4_firmwareMatch-
AND
netgearwnr2000v4Match-
Node
netgearwnr2000v5_firmwareMatch-
AND
netgearwnr2000v5Match-
Node
netgearwnr2020_firmwareMatch-
AND
netgearwnr2020Match-
Node
netgearwnr2050_firmwareMatch-
AND
netgearwnr2050Match-
Node
netgearwnr2200_firmwareMatch-
AND
netgearwnr2200Match-
Node
netgearwnr2500_firmwareMatch-
AND
netgearwnr2500Match-
Node
netgearwnr614_firmwareMatch-
AND
netgearwnr614Match-
Node
netgearwnr618_firmwareMatch-
AND
netgearwnr618Match-
VendorProductVersionCPE
netgeard6100_firmware-cpe:2.3:o:netgear:d6100_firmware:-:*:*:*:*:*:*:*
netgeard6100-cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*
netgeard7000_firmware-cpe:2.3:o:netgear:d7000_firmware:-:*:*:*:*:*:*:*
netgeard7000-cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*
netgeard7800_firmware-cpe:2.3:o:netgear:d7800_firmware:-:*:*:*:*:*:*:*
netgeard7800-cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*
netgearjnr1010v2_firmware-cpe:2.3:o:netgear:jnr1010v2_firmware:-:*:*:*:*:*:*:*
netgearjnr1010v2-cpe:2.3:h:netgear:jnr1010v2:-:*:*:*:*:*:*:*
netgearjnr3300_firmware-cpe:2.3:o:netgear:jnr3300_firmware:-:*:*:*:*:*:*:*
netgearjnr3300-cpe:2.3:h:netgear:jnr3300:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 561

Related

checkpoint_advisories 1
packetstorm 1
zdt 1
cisa_kev 1
exploitdb 2
cvelist 1
metasploit 1
attackerkb 1
prion 1
nvd 1
openvas 1
checkpoint_advisories
checkpoint_advisories
NETGEAR WNR2000v5 Remote Code Execution (CVE-2016-10174)
2019-03-25 00:00:00
packetstorm
packetstorm
NETGEAR WNR2000v5 (Un)authenticated hidden_lang_avi Stack Overflow
2017-03-24 00:00:00
zdt
zdt
NETGEAR WNR2000v5 - (Un)authenticated hidden_lang_avi Stack Overflow Exploit
2017-03-25 00:00:00
cisa_kev
cisa_kev
NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability
2022-03-25 00:00:00
exploitdb
exploitdb
Netgear WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit)
2017-03-24 00:00:00
Netgear WNR2000v5 - Remote Code Execution
2016-12-21 00:00:00
cvelist
cvelist
CVE-2016-10174
2017-01-30 04:24:00
metasploit
metasploit
NETGEAR WNR2000v5 (Un)authenticated hidden_lang_avi Stack Buffer Overflow
2016-12-27 21:12:35
attackerkb
attackerkb
CVE-2016-10174
2017-01-30 00:00:00
prion
prion
Buffer overflow
2017-01-30 04:59:00
nvd
nvd
CVE-2016-10174
2017-01-30 04:59:00
openvas
openvas
NETGEAR WNR2000 Router Multiple Vulnerabilities
2016-12-30 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.972

Percentile

99.8%

JSON
Related for CVE-2016-10174
checkpoint_advisories1packetstorm1zdt1cisa_kev1exploitdb2cvelist1metasploit1attackerkb1prion1nvd1openvas1