Published: 21/04/2017 Updated: 16/04/2019

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 prior to 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 prior to 3.5.5.0 allow remote malicious users to execute arbitrary commands.

Vulnerable Product	Search on Vulmon	Subscribe to Product
netgear wnap320_firmware
netgear wndap350_firmware
netgear wndap360_firmware
netgear wndap210v2_firmware
netgear wn604_firmware
netgear wndap660_firmware
netgear wn802tv2_firmware

Netgear WN604 versions before 333 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 versions before 3550 allow remote attackers to execute arbitrary commands ...

From the CVE-2016-1555 page: (1) boardData102php, (2) boardData103php, (3) boardDataJPphp, (4) boardDataNAphp, and (5) boardDataWWphp in Netgear WN604 before 333 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3550 allow remote attackers to execute arbitrary commands ...

From the CVE-2016-1555 page: (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.

msf > use exploit/linux/http/netgear_unauth_exec
msf exploit(netgear_unauth_exec) > show targets
    ...targets...
msf exploit(netgear_unauth_exec) > set TARGET < target-id >
msf exploit(netgear_unauth_exec) > show options
    ...show and set options...
msf exploit(netgear_unauth_exec) > exploit

From the CVE-2016-1555 page: (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.

msf > use exploit/linux/http/netgear_unauth_exec
msf exploit(netgear_unauth_exec) > show targets
    ...targets...
msf exploit(netgear_unauth_exec) > set TARGET < target-id >
msf exploit(netgear_unauth_exec) > show options
    ...show and set options...
msf exploit(netgear_unauth_exec) > exploit

2/12 工作坊科技部前瞻資安科技專案110年度成果分表暨交流會議環境 VirtualBox 下載 OVA (分流): Google drive 1 Google drive 2 Mega 當天準備隨身碟請先下載 VirtualBox 及 OVA (預先準備好的環境) 開啟 VirtualBox 並匯入 OVA ubuntu 1804 User : example Password : 220212 Firmadyne 因 binwalk 改版導致改 Python3 安

profile

Public Profile || || || || Hi there 👋, wanna coffee? I'm Faisal Fs, Cyber Security Analyst from Malaysia focusing on Vulnerability Assessment & Penetration Testing 👨🏻‍💻 Interested in red teaming, ethical hacking, web exploitation as well as intrusion detection Reading & writing infosec blogs Fun fact: I love coffee but I

chap0x01 openwrt环境配置 chap0x02 OpenWrt安全实践 chap0x03 WIFI渗透实验 chap0x04 路由器漏洞分析之 CVE-2016-1555 chap0x05 安卓逆向基础 chap0x06 CTF Android Reverse&应用破解

CWE-77 https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic http://seclists.org/fulldisclosure/2016/Feb/112 http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html https://www.exploit-db.com/exploits/45909/https://nvd.nist.gov https://packetstormsecurity.com/files/150478/Netgear-Unauthenticated-Remote-Command-Execution.html https://github.com/faisalfs10x/faisalfs10x

CVE-2016-1555

Vulnerability Summary

Vulnerability Trend

Exploits

Metasploit Modules

Github Repositories

References

Vulmon Search

About

Products

Connect