What is CVE-2016-10176?

CVE-2016-10176 is a critical-severity vulnerability in Netgear Wnr2000v5, classified under Improper Input Validation. CVSS score: 9.8/10. Published 2017-01-30.

How severe is CVE-2016-10176?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2016-10176 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Netgear Wnr2000v5

CVE-2016-10176

The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.866 (99.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

rapid7/metasploit-framework

References

cve@mitre.org (Exploit, VDB Entry, Third Party Advisory, x_refsource_MISC)
cve@mitre.org (Technical Description, Exploit, Third Party Advisory, x_refsource_MISC)
cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
cve@mitre.org (Patch, x_refsource_MISC, Vendor Advisory)
cve@mitre.org (exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2016-10176?: CVE-2016-10176 is a critical-severity vulnerability in Netgear Wnr2000v5, classified under Improper Input Validation. CVSS score: 9.8/10. Published 2017-01-30.
How severe is CVE-2016-10176?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2016-10176 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.