製品・ソフトウェアに関する情報
Vulnerability Search
NETGEAR WNR2000v5 ルータにおけるバッファオーバーフローの脆弱性
Title NETGEAR WNR2000v5 ルータにおけるバッファオーバーフローの脆弱性
Summary

NETGEAR WNR2000v5 ルータには、URL /apply.cgi?/lang_check.html の呼び出しの際に、バッファオーバーフローの脆弱性が存在します。

Possible impacts 攻撃者により、hidden_lang_avi パラメータを介して、リモートでコードを実行される可能性があります。
Solution

ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date Dec. 20, 2016, midnight
Registration Date March 13, 2017, 4:49 p.m.
Last Update March 13, 2017, 4:49 p.m.
CVSS3.0 : 緊急
Score 9.8
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS2.0 : 危険
Score 10
Vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected System
ネットギア
WNR2000v5 
WNR2000v5 ファームウェア 
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
その他
Change Log
No Changed Details Date of change
0 [2017年03月13日]
  掲載		 Feb. 17, 2018, 10:37 a.m.
NVD Vulnerability Information
CVE-2016-10174
Summary

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.

Publication Date Jan. 30, 2017, 1:59 p.m.
Registration Date Jan. 26, 2021, 2:05 p.m.
Last Update Nov. 21, 2024, 11:43 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:netgear:d6100_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*
Configuration2 or higher or less more than less than
cpe:2.3:o:netgear:d7000_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*
Configuration3 or higher or less more than less than
cpe:2.3:o:netgear:d7800_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*
Configuration4 or higher or less more than less than
cpe:2.3:o:netgear:jnr1010v2_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:jnr1010v2:-:*:*:*:*:*:*:*
Configuration5 or higher or less more than less than
cpe:2.3:o:netgear:jnr3300_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:jnr3300:-:*:*:*:*:*:*:*
Configuration6 or higher or less more than less than
cpe:2.3:o:netgear:jwnr2010v5_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:jwnr2010v5:-:*:*:*:*:*:*:*
Configuration7 or higher or less more than less than
cpe:2.3:o:netgear:r2000_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:r2000:-:*:*:*:*:*:*:*
Configuration8 or higher or less more than less than
cpe:2.3:o:netgear:r6100_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*
Configuration9 or higher or less more than less than
cpe:2.3:o:netgear:r6220_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*
Configuration10 or higher or less more than less than
cpe:2.3:o:netgear:r7500_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*
Configuration11 or higher or less more than less than
cpe:2.3:o:netgear:r7500v2_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:r7500v2:-:*:*:*:*:*:*:*
Configuration12 or higher or less more than less than
cpe:2.3:o:netgear:wndr3700v4_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:wndr3700v4:-:*:*:*:*:*:*:*
Configuration13 or higher or less more than less than
cpe:2.3:o:netgear:wndr3800_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:wndr3800:-:*:*:*:*:*:*:*
Configuration14 or higher or less more than less than
cpe:2.3:o:netgear:wndr4300_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*
Configuration15 or higher or less more than less than
cpe:2.3:o:netgear:wndr4300v2_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:wndr4300v2:-:*:*:*:*:*:*:*
Configuration16 or higher or less more than less than
cpe:2.3:o:netgear:wndr4500v3_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:wndr4500v3:-:*:*:*:*:*:*:*
Configuration17 or higher or less more than less than
cpe:2.3:o:netgear:wndr4700_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:wndr4700:-:*:*:*:*:*:*:*
Configuration18 or higher or less more than less than
cpe:2.3:o:netgear:wnr1000v2_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:wnr1000v2:-:*:*:*:*:*:*:*
Configuration19 or higher or less more than less than
cpe:2.3:o:netgear:wnr1000v4_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:wnr1000v4:-:*:*:*:*:*:*:*
Configuration20 or higher or less more than less than
cpe:2.3:o:netgear:wnr2000v3_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:wnr2000v3:-:*:*:*:*:*:*:*
Configuration21 or higher or less more than less than
cpe:2.3:o:netgear:wnr2000v4_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:wnr2000v4:-:*:*:*:*:*:*:*
Configuration22 or higher or less more than less than
cpe:2.3:o:netgear:wnr2000v5_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:wnr2000v5:-:*:*:*:*:*:*:*
Configuration23 or higher or less more than less than
cpe:2.3:o:netgear:wnr2020_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*
Configuration24 or higher or less more than less than
cpe:2.3:o:netgear:wnr2050_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*
Configuration25 or higher or less more than less than
cpe:2.3:o:netgear:wnr2200_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:wnr2200:-:*:*:*:*:*:*:*
Configuration26 or higher or less more than less than
cpe:2.3:o:netgear:wnr2500_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:wnr2500:-:*:*:*:*:*:*:*
Configuration27 or higher or less more than less than
cpe:2.3:o:netgear:wnr614_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:wnr614:-:*:*:*:*:*:*:*
Configuration28 or higher or less more than less than
cpe:2.3:o:netgear:wnr618_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netgear:wnr618:-:*:*:*:*:*:*:*
Related information, measures and tools
Common Vulnerabilities List