Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-10175

CWE-200 — Information Exposure5 documents5 sources

Severity

9.8CRITICAL

EPSS

81.6%

top 0.82%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Netgear Wnr2000v5 Firmware

Timeline

PublishedJan 30

Latest updateMay 17

Description

The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDnetgear/wnr2000v5_firmware1.0.0.34

Patches

Patch: kb.netgear.com ↗Patch: kb.netgear.com ↗

🔴Vulnerability Details

GHSA

GHSA-ghhf-xp94-4ggw: The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success↗2022-05-17

▶

CVEList

CVE-2016-10175: The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success↗2017-01-30

▶

💥Exploits & PoCs

Exploit-DB

Netgear WNR2000v5 - Remote Code Execution↗2016-12-21

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Netgear WNR2000v5 Possible Serial Number Leak↗2017-02-02

▶