Vulnerability Name:

CVE-2016-11057 (CCN-181196)

Assigned:2017-01-06
Published:2017-01-06
Updated:2020-05-06
Summary:Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-287
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2016-11057

Source: XF
Type: UNKNOWN
netgear-cve201611057-sec-bypass(181196)

Source: CCN
Type: NETGEAR Article ID: 29960
NETGEAR Product Vulnerability Advisory: Potential security issue associated with remote management

Source: CONFIRM
Type: Vendor Advisory
https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associated-with-remote-management

Vulnerable Configuration:Configuration 1:
  • cpe:/o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:* (Version < 2017-01-06)
  • AND
  • cpe:/h:netgear:jnr1010:v2:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:netgear:jwnr2000_firmware:*:*:*:*:*:*:*:* (Version < 2017-01-06)
  • AND
  • cpe:/h:netgear:jwnr2000:v5:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:* (Version < 2017-01-06)
  • AND
  • cpe:/h:netgear:jwnr2010:v5:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:netgear:r6220_firmware:*:*:*:*:*:*:*:* (Version < 2017-01-06)
  • AND
  • cpe:/h:netgear:r6220:-:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:* (Version < 2017-01-06)
  • AND
  • cpe:/h:netgear:wndr3700:v5:*:*:*:*:*:*:*

    • Configuration 6:
  • cpe:/o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:* (Version < 2017-01-06)
  • AND
  • cpe:/h:netgear:wnr1000:v4:*:*:*:*:*:*:*

    • Configuration 7:
  • cpe:/o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:* (Version < 2017-01-06)
  • AND
  • cpe:/h:netgear:wnr2020:-:*:*:*:*:*:*:*

    • Configuration 8:
  • cpe:/o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:* (Version < 2017-01-06)
  • AND
  • cpe:/h:netgear:wnr2020:v2:*:*:*:*:*:*:*

    • Configuration 9:
  • cpe:/o:netgear:wnr614_firmware:*:*:*:*:*:*:*:* (Version < 2017-01-06)
  • AND
  • cpe:/h:netgear:wnr614:-:*:*:*:*:*:*:*

    • Configuration 10:
  • cpe:/o:netgear:wnr618_firmware:*:*:*:*:*:*:*:* (Version < 2017-01-06)
  • AND
  • cpe:/h:netgear:wnr618:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/h:netgear:jnr1010:v2:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:wnr614:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:wnr618:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:jwnr2000:v5:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:wnr2020:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:jwnr2010:v5:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:wnr1000:v4:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:wnr2020:v2:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:r6220:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:wndr3700:v5:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    netgear jnr1010 firmware *
    netgear jnr1010 v2
    netgear jwnr2000 firmware *
    netgear jwnr2000 v5
    netgear jwnr2010 firmware *
    netgear jwnr2010 v5
    netgear r6220 firmware *
    netgear r6220 -
    netgear wndr3700 firmware *
    netgear wndr3700 v5
    netgear wnr1000 firmware *
    netgear wnr1000 v4
    netgear wnr2020 firmware *
    netgear wnr2020 -
    netgear wnr2020 firmware *
    netgear wnr2020 v2
    netgear wnr614 firmware *
    netgear wnr614 -
    netgear wnr618 firmware *
    netgear wnr618 -
    netgear jnr1010 v2
    netgear wnr614 -
    netgear wnr618 -
    netgear jwnr2000 v5
    netgear wnr2020 -
    netgear jwnr2010 v5
    netgear wnr1000 v4
    netgear wnr2020 v2
    netgear r6220 -
    netgear wndr3700 v5