CVE-2016-1555
KEV
🔴 Łataj teraz
Luki w Netgear WN604 i innych modelach pozwalają na zdalne wykonanie dowolnych poleceń.
CVSS
9.8
EPSS
94.3%
Exploit
weaponized
Vendor
netgear
Opis źródłowy (NVD)
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.
exploit
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (aktywnie wykorzystywane) | Tak |
| FIRST EPSS (prawdopodobieństwo exploita) | 94.3% |
| Opublikowano (NVD) | 2017-04-21 15:59:00 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-22 14:42:02 UTC |
Referencje
- http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html (cret@cert.org) [Third Party Advisory, VDB Entry]
- http://seclists.org/fulldisclosure/2016/Feb/112 (cret@cert.org) [Mailing List, Third Party Advisory]
- https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic (cret@cert.org) [Patch, Vendor Advisory]
- https://www.exploit-db.com/exploits/45909/ (cret@cert.org) [Exploit, Third Party Advisory, VDB Entry]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-1555 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]