| Vulnerability Name: | CVE-2016-1556 (CCN-111064) |
| Assigned: | 2016-02-24 |
| Published: | 2016-02-24 |
| Updated: | 2017-04-28 |
| Summary: | Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages.
|
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): None
Availibility (A): None |
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): None
Availibility (A): None |
|
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None |
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None |
|
| Vulnerability Type: | CWE-200
|
| Vulnerability Consequences: | Obtain Information |
| References: | Source: MITRE
Type: CNA
CVE-2016-1556
Source: MISC
Type: Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html
Source: CCN
Type: Full-Disclosure Mailing List, Wed, 24 Feb 2016 08:18:59 -0800
D-Link, Netgear Router Vulnerabiltiies
Source: FULLDISC
Type: Mailing List, Third Party Advisory
20160225 D-Link, Netgear Router Vulnerabiltiies
Source: CCN
Type: NETGEAR Web site
Netgear
Source: XF
Type: UNKNOWN
netgear-cve20161556-info-disc(111064)
Source: CONFIRM
Type: Patch, Vendor Advisory
https://kb.netgear.com/30481/CVE-2016-1556-Notification?cid=wmt_netgear_organic
|
| Vulnerable Configuration: | Configuration 1:
cpe:/o:netgear:wnap320_firmware:*:*:*:*:*:*:*:* (Version <= 3.0.5.0)AND cpe:/h:netgear:wnap320:-:*:*:*:*:*:*:*
Configuration 2:
cpe:/o:netgear:wndap350_firmware:*:*:*:*:*:*:*:* (Version <= 3.0.5.0)AND cpe:/h:netgear:wndap350:-:*:*:*:*:*:*:*
Configuration 3:
cpe:/o:netgear:wndap360_firmware:*:*:*:*:*:*:*:* (Version <= 3.0.5.0)AND cpe:/h:netgear:wndap360:-:*:*:*:*:*:*:*
Configuration 4:
cpe:/o:netgear:wndap210v2_firmware:*:*:*:*:*:*:*:* (Version <= 3.0.5.0)AND cpe:/h:netgear:wndap210v2:-:*:*:*:*:*:*:*
Configuration 5:
cpe:/o:netgear:wn604_firmware:*:*:*:*:*:*:*:* (Version <= 3.3.2)AND cpe:/h:netgear:wn604:-:*:*:*:*:*:*:*
Configuration 6:
cpe:/o:netgear:wnd930_firmware:*:*:*:*:*:*:*:* (Version <= 2.0.4)AND cpe:/h:netgear:wnd930:-:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/h:netgear:wn604:-:*:*:*:*:*:*:*OR cpe:/h:netgear:wn802tv2:-:*:*:*:*:*:*:*OR cpe:/h:netgear:wnap320:-:*:*:*:*:*:*:*OR cpe:/h:netgear:wndap350:-:*:*:*:*:*:*:*OR cpe:/h:netgear:wndap360:-:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |