10
CVE-2016-1555
- EPSS 93.97%
- Published 21.04.2017 15:59:00
- Last modified 20.04.2025 01:37:25
- Source cret@cert.org
- Teams watchlist Login
- Open Login
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.
Data is provided by the National Vulnerability Database (NVD)
Netgear ≫ Wnap320 Firmware Version <= 3.0.5.0
Netgear ≫ Wndap350 Firmware Version <= 3.0.5.0
Netgear ≫ Wndap360 Firmware Version <= 3.0.5.0
Netgear ≫ Wndap210v2 Firmware Version <= 3.0.5.0
Netgear ≫ Wn604 Firmware Version <= 3.3.2
Netgear ≫ Wndap660 Firmware Version <= 3.0.5.0
Netgear ≫ Wn802tv2 Firmware Version <= 3.0.5.0
25.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
NETGEAR Multiple WAP Devices Command Injection Vulnerability
VulnerabilityMultiple NETGEAR Wireless Access Point devices allows unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 93.97% | 0.999 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.