cve/2016/CVE-2016-10174.md

CVE-2016-10174

Description

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.

POC

Reference

• http://seclists.org/fulldisclosure/2016/Dec/72
• https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt
• https://www.exploit-db.com/exploits/40949/
• https://www.exploit-db.com/exploits/41719/

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/Ostorlab/KEV
• https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors