NETGEAR WNR2000 Authentication Bypass (CVE-2016-10176)

An authentication bypass vulnerability exists in NETGEAR WMR2000 Routers. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...

Design/Logic Flaw

The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRSnetgearsuccess.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers t...

CVE-2016-10176

The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server uhttpd and processed accordingly. The web server also contains another URL, applynoauth.cgi, that...

CVE-2016-10176

CVE-2016-10176 affects NETGEAR WNR2000v5 routers. The embedded web server (uhttpd) exposes two URLs: apply.cgi (administrator actions) and apply_noauth.cgi (unauthenticated actions). Exploitation can allow changing router settings (e.g., password-recovery data) and can lead to remote code executi...

NETGEAR WNR2000 Router Multiple Vulnerabilities (Dec 2016) - Active Check

NETGEAR WNR2000 Router devices are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...