← Retour aux CVEs
CVE-2016-1555
CRITICALCISA KEV9.8
Description
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie4/21/2017
Derniere modification10/22/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurNETGEAR
ProduitWireless Access Point (WAP) Devices
Nom vulnerabiliteNETGEAR Multiple WAP Devices Command Injection Vulnerability
Date ajout KEV2022-03-25
Date limite remediation2022-04-15
Utilise dans ransomwareUnknown
Produits affectes
netgear:wn604netgear:wn604_firmwarenetgear:wn802tv2netgear:wn802tv2_firmwarenetgear:wnap320netgear:wnap320_firmwarenetgear:wndap210v2netgear:wndap210v2_firmwarenetgear:wndap350netgear:wndap350_firmwarenetgear:wndap360netgear:wndap360_firmwarenetgear:wndap660netgear:wndap660_firmware
Faiblesses (CWE)
CWE-77CWE-77
References
http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html(cret@cert.org)
http://seclists.org/fulldisclosure/2016/Feb/112(cret@cert.org)
https://www.exploit-db.com/exploits/45909/(cret@cert.org)
http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2016/Feb/112(af854a3a-2127-422b-91ae-364da2661108)
https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45909/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-1555(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.