ID

VAR-202003-1207


CVE

CVE-2016-11022


TITLE

OS command injection vulnerabilities in multiple NETGEAR Prosafe devices

Trust: 0.8

sources: JVNDB: JVNDB-2016-009633

DESCRIPTION

NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php. An OS command injection vulnerability exists in NETGEAR Prosafe WC9500, WC7600, and WC7520 devices. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR Prosafe WC9500 and the other listed models are NETGEAR wireless controllers used to manage access points (APs). Security vulnerabilities exist in NETGEAR Prosafe WC9500 version 5.1.0.17, WC7600 version 5.1.0.17 and WC7520 version 2.5.0.35.

Trust: 2.16

sources: NVD: CVE-2016-11022 // JVNDB: JVNDB-2016-009633 // CNVD: CNVD-2020-33777

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-33777

AFFECTED PRODUCTS

vendor: netgear, model: prosafe wc9500, scope: eq, version: 5.1.0.17

Trust: 2.4

vendor: netgear, model: prosafe wc7520, scope: eq, version: 2.5.0.35

Trust: 1.8

vendor: netgear, model: prosafe wc7600, scope: eq, version: 5.1.0.17

Trust: 1.8

vendor: netgear, model: wc7600, scope: eq, version: 5.1.0.17

Trust: 0.6

vendor: netgear, model: wc7520, scope: eq, version: 2.5.0.35

Trust: 0.6

sources: CNVD: CNVD-2020-33777 // JVNDB: JVNDB-2016-009633 // NVD: CVE-2016-11022

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-11022
value: HIGH

Trust: 1.0

NVD: JVNDB-2016-009633
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-33777
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-1318
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2016-11022
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2016-009633
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-33777
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2016-11022
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2016-009633
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-33777 // JVNDB: JVNDB-2016-009633 // CNNVD: CNNVD-202003-1318 // NVD: CVE-2016-11022

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2016-009633 // NVD: CVE-2016-11022

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1318

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202003-1318

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-009633

PATCH

title: Top Page
url: https://www.netgear.com/

Trust: 0.8

sources: JVNDB: JVNDB-2016-009633

EXTERNAL IDS

db: NVD, id: CVE-2016-11022

Trust: 3.0

db: JVNDB, id: JVNDB-2016-009633

Trust: 0.8

db: CNVD, id: CNVD-2020-33777

Trust: 0.6

db: CNNVD, id: CNNVD-202003-1318

Trust: 0.6

sources: CNVD: CNVD-2020-33777 // JVNDB: JVNDB-2016-009633 // CNNVD: CNNVD-202003-1318 // NVD: CVE-2016-11022

REFERENCES

url:http://firmware.re/vulns/acsa-2015-002.php

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-11022

Trust: 2.0

url:https://github.com/threat9/routersploit/blob/master/routersploit/modules/exploits/routers/netgear/prosafe_rce.py

Trust: 1.6

url:https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-11022

Trust: 0.8

sources: CNVD: CNVD-2020-33777 // JVNDB: JVNDB-2016-009633 // CNNVD: CNNVD-202003-1318 // NVD: CVE-2016-11022

SOURCES

db: CNVD, id: CNVD-2020-33777
db: JVNDB, id: JVNDB-2016-009633
db: CNNVD, id: CNNVD-202003-1318
db: NVD, id: CVE-2016-11022

LAST UPDATE DATE

2024-11-23T22:37:27.198000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-33777, date: 2020-06-21T00:00:00
db: JVNDB, id: JVNDB-2016-009633, date: 2020-04-08T00:00:00
db: CNNVD, id: CNNVD-202003-1318, date: 2020-04-28T00:00:00
db: NVD, id: CVE-2016-11022, date: 2024-11-21T02:45:19.230

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-33777, date: 2020-06-21T00:00:00
db: JVNDB, id: JVNDB-2016-009633, date: 2020-04-08T00:00:00
db: CNNVD, id: CNNVD-202003-1318, date: 2020-03-23T00:00:00
db: NVD, id: CVE-2016-11022, date: 2020-03-23T15:15:14.597