Vulnerability Name:

CVE-2016-11055 (CCN-181199)

Assigned: 2017-01-11
Published: 2017-01-11
Updated: 2020-05-05
Summary: Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11.
CVSS v3 Severity: 4.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
3.8 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-352
Vulnerability Consequences: Gain Access
References: Source: MITRE
Type: CNA
CVE-2016-11055

Source: XF
Type: UNKNOWN
netgear-cve201611055-csrf(181199)

Source: CCN
Type: NETGEAR Article ID: 30114
NETGEAR Product Vulnerability Advisory: CSRF / LocalFile / XSS

Source: CONFIRM
Type: Vendor Advisory
https://kb.netgear.com/30114/NETGEAR-Product-Vulnerability-Advisory-CSRF-LocalFile-XSS

Vulnerable Configuration: Configuration 1:
  • cpe:/o:netgear:cm400_firmware:*:*:*:*:*:*:*:* (Version < 2017-01-11)
  • AND
  • cpe:/h:netgear:cm400:-:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:netgear:cm600_firmware:*:*:*:*:*:*:*:* (Version < 2017-01-11)
  • AND
  • cpe:/h:netgear:cm600:-:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:netgear:d1500_firmware:*:*:*:*:*:*:*:* (Version < 1.0.0.20)
  • AND
  • cpe:/h:netgear:d1500:-:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/o:netgear:d500_firmware:*:*:*:*:*:*:*:* (Version < 2017-01-11)
  • AND
  • cpe:/h:netgear:d500:-:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/o:netgear:dst6501_firmware:*:*:*:*:*:*:*:* (Version < 1.0.0.36)
  • AND
  • cpe:/h:netgear:dst6501:-:*:*:*:*:*:*:*

  • Configuration 6:
  • cpe:/o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:* (Version < 2017-01-11)
  • AND
  • cpe:/h:netgear:jnr1010:v1:*:*:*:*:*:*:*

  • Configuration 7:
  • cpe:/o:netgear:jwnr2000t_firmware:*:*:*:*:*:*:*:* (Version < 2017-01-11)
  • AND
  • cpe:/h:netgear:jwnr2000t:v3:*:*:*:*:*:*:*

  • Configuration 8:
  • cpe:/o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:* (Version < 2017-01-11)
  • AND
  • cpe:/h:netgear:jwnr2010:v3:*:*:*:*:*:*:*

  • Configuration 9:
  • cpe:/o:netgear:plw1000_firmware:*:*:*:*:*:*:*:* (Version < 1.0.0.22)
  • AND
  • cpe:/h:netgear:plw1000:-:*:*:*:*:*:*:*

  • Configuration 10:
  • cpe:/o:netgear:plw1010_firmware:*:*:*:*:*:*:*:* (Version < 2017-01-11)
  • AND
  • cpe:/h:netgear:plw1010:-:*:*:*:*:*:*:*

  • Configuration 11:
  • cpe:/o:netgear:wnr500_firmware:*:*:*:*:*:*:*:* (Version < 2017-01-11)
  • AND
  • cpe:/h:netgear:wnr500:-:*:*:*:*:*:*:*

  • Configuration 12:
  • cpe:/o:netgear:wnr612_firmware:*:*:*:*:*:*:*:* (Version < 2017-01-11)
  • AND
  • cpe:/h:netgear:wnr612:v3:*:*:*:*:*:*:*

  • Configuration 13:
  • cpe:/o:netgear:n450_cg3000d_firmware:*:*:*:*:*:*:*:* (Version < 2017-01-11)
  • AND
  • cpe:/h:netgear:n450_cg3000d:v2:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/h:netgear:cm400:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:cm600:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:d1500:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:d500:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:dst6501:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:jnr1010:v1:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:jwnr2000t:v3:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:jwnr2010:v3:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:plw1000:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:plw1010:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:wnr500:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:wnr612:v3:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:n450:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:cg3000d:v2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    netgear cm400 firmware *
    netgear cm400 -
    netgear cm600 firmware *
    netgear cm600 -
    netgear d1500 firmware *
    netgear d1500 -
    netgear d500 firmware *
    netgear d500 -
    netgear dst6501 firmware *
    netgear dst6501 -
    netgear jnr1010 firmware *
    netgear jnr1010 v1
    netgear jwnr2000t firmware *
    netgear jwnr2000t v3
    netgear jwnr2010 firmware *
    netgear jwnr2010 v3
    netgear plw1000 firmware *
    netgear plw1000 -
    netgear plw1010 firmware *
    netgear plw1010 -
    netgear wnr500 firmware *
    netgear wnr500 -
    netgear wnr612 firmware *
    netgear wnr612 v3
    netgear n450 cg3000d firmware *
    netgear n450 cg3000d v2
    netgear cm400 -
    netgear cm600 -
    netgear d1500 -
    netgear d500 -
    netgear dst6501 -
    netgear jnr1010 v1
    netgear jwnr2000t v3
    netgear jwnr2010 v3
    netgear plw1000 -
    netgear plw1010 -
    netgear wnr500 -
    netgear wnr612 v3
    netgear n450 -
    netgear cg3000d v2