Main Vulnerability Database SB2016122301

SB2016122301 - Remote command execution in Netgear Wireless N Routers

Published: December 23, 2016 Updated: January 3, 2017

Security Bulletin ID SB2016122301

Severity

High

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) OS command injection (CVE-ID: N/A)

The vulnerability allows a remote attacker to execute arbitrary OS commands on vulnerable device.

The vulnerability exists due to unknown error in web management interface. A remote attacker with access to web management interface can reset administrator's password and execute arbitrary OS commands on vulnerable device.

Successful exploitation of the vulnerability will result in full compromise of vulnerable device.

All firmware versions of vulnerable devices are vulnerable.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability...

SB2016122301 - Remote command execution in Netgear Wireless N Routers

Breakdown by Severity

Description

Remediation

References

Please verify you're human