CVE-2016-1556

CWE-200 — Information Exposure3 documents3 sources

Severity

7.5HIGH

EPSS

1.0%

top 23.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Wn604 Firmware Netgear Wnap320 Firmware Netgear Wnd930 Firmware +3 more

Timeline

PublishedApr 21

Latest updateMay 17

Description

Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶NVDnetgear/wn604_firmware3.3.2

▶NVDnetgear/wnd930_firmware2.0.4

▶NVDnetgear/wnap320_firmware3.0.5.0

▶NVDnetgear/wndap350_firmware3.0.5.0

▶NVDnetgear/wndap360_firmware3.0.5.0

Patches

Patch: kb.netgear.com ↗Patch: kb.netgear.com ↗

🔴Vulnerability Details

GHSA

GHSA-7xcv-jm4f-m6xc: Information disclosure in Netgear WN604 before 3↗2022-05-17

▶

CVEList

CVE-2016-1556: Information disclosure in Netgear WN604 before 3↗2017-04-21

▶