SB2016122301 - Remote command execution in Netgear Wireless N Routers
Published: December 23, 2016 Updated: January 3, 2017
Security Bulletin ID
SB2016122301
CSH Severity
High
Patch available
NO
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) OS command injection (CVE-ID: N/A)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary OS commands on vulnerable device.
The vulnerability exists due to unknown error in web management interface. A remote attacker with access to web management interface can reset administrator's password and execute arbitrary OS commands on vulnerable device.Successful exploitation of the vulnerability will result in full compromise of vulnerable device.
All firmware versions of vulnerable devices are vulnerable.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.