CVE-2016-1555
CRITICAL | CISA KEV | 9.8
Description
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.
CVE details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 4/21/2017
Last modified: 10/22/2025
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: NETGEAR
Product: Wireless Access Point (WAP) Devices
Vulnerability name: NETGEAR Multiple WAP Devices Command Injection Vulnerability
KEV date added: 2022-03-25
Remediation due date: 2022-04-15
Ransomware use: Unknown
Affected products
netgear:wn604
netgear:wn604_firmware
netgear:wn802tv2
netgear:wn802tv2_firmware
netgear:wnap320
netgear:wnap320_firmware
netgear:wndap210v2
netgear:wndap210v2_firmware
netgear:wndap350
netgear:wndap350_firmware
netgear:wndap360
netgear:wndap360_firmware
netgear:wndap660
netgear:wndap660_firmware
Weaknesses (CWE)
CWE-77
References
http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html (cret@cert.org)
http://seclists.org/fulldisclosure/2016/Feb/112 (cret@cert.org)
https://www.exploit-db.com/exploits/45909/ (cret@cert.org)
http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2016/Feb/112 (af854a3a-2127-422b-91ae-364da2661108)
https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45909/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-1555 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.