CVE-2016-1555

{"id": "CVE-2016-1555", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-04-21T15:59:00.333", "references": [{"url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "http://seclists.org/fulldisclosure/2016/Feb/112", "tags": ["Mailing List", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/45909/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2016/Feb/112", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/45909/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-1555", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-77"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands."}, {"lang": "es", "value": "(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, y (5) boardDataWW.php en Netgear WN604 en versiones anteriores a 3.3.3 y WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360 y WNDAP660 en versiones anteriores a 3.5.5.0 permite a atacantes remotos ejecutar comandos arbitrarios."}], "lastModified": "2025-10-22T00:15:49.350", "cisaActionDue": "2022-04-15", "cisaExploitAdd": "2022-03-25", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBCE4D2F-5A11-4043-8F3E-4C10D155A6ED", "versionEndIncluding": "3.0.5.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5E2613E9-CAF9-4C04-85BC-E10BDF4B0E74"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB422D25-D72D-445B-869D-4A5FBF285357", "versionEndIncluding": "3.0.5.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C82A16C2-DC48-4792-A4C7-8AC43F84196D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA1E8F1E-AB78-4C4B-BE0B-AE17E4636077", "versionEndIncluding": "3.0.5.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7975D6EC-1816-4D52-8C87-77C1B6404120"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wndap210v2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9801E95C-9464-4594-B4E8-6F227C597C27", "versionEndIncluding": "3.0.5.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wndap210v2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D1AD5A1-5212-4C0A-88BB-F34314F9C037"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wn604_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CA9CFC3-D7D5-4538-AA31-9C4504E5AFA7", "versionEndIncluding": "3.3.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wn604:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CD31DCAA-BAA5-4463-9EA4-A7076A625407"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wndap660_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99E67C3D-8907-4A96-BBAA-128959DB3962", "versionEndIncluding": "3.0.5.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wndap660:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "58D2492E-0CDC-4242-9206-7F0453B11CBD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wn802tv2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "169F7661-BB39-4188-A26E-9791FCE1DA6B", "versionEndIncluding": "3.0.5.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wn802tv2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "05B05670-CC01-4F53-B1A7-83FE3AFBA12E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "NETGEAR Multiple WAP Devices Command Injection Vulnerability"}