Описание
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-10174
- https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-10174
- https://www.exploit-db.com/exploits/40949
- https://www.exploit-db.com/exploits/41719
- http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability
- http://seclists.org/fulldisclosure/2016/Dec/72
- http://www.securityfocus.com/bid/95867
Связанные уязвимости
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
Уязвимость компонента «/apply.cgi?/lang_check.html» встроенного программного обеспечения маршрутизатора NETGEAR WNR2000v5, позволяющая нарушителю выполнить произвольный код