CVE-2016-10174

9.8 CRITICAL CISA KEV - Actively Exploited

Published: January 30, 2017 Modified: October 22, 2025

Description

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability

Source: cve@mitre.org

Vendor Advisory

http://seclists.org/fulldisclosure/2016/Dec/72

Source: cve@mitre.org

Exploit Mailing List Third Party Advisory VDB Entry

http://www.securityfocus.com/bid/95867

Source: cve@mitre.org

Broken Link Third Party Advisory VDB Entry

https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt

Source: cve@mitre.org

Exploit Technical Description Third Party Advisory

https://www.exploit-db.com/exploits/40949/

Source: cve@mitre.org

Exploit Third Party Advisory VDB Entry

https://www.exploit-db.com/exploits/41719/

Source: cve@mitre.org

Exploit Third Party Advisory VDB Entry

http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability