Lucene search

CertccCVE-2016-1557

HistoryApr 21, 2017 - 3:59 p.m.

CVE-2016-1557

2017-04-2115:59:00

CWE-200

certcc

web.nvd.nist.gov

netgear

wnap320

wndap350

wndap360

snmp

vulnerability

cve-2016-1557

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.005

Percentile

77.3%

JSON

Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP.

Affected configurations

Nvd

Node

netgearwnap320_firmwareRange≤3.0.5.0

AND

netgearwnap320Match-

Node

netgearwndap350_firmwareRange≤3.0.5.0

AND

netgearwndap350Match-

Node

netgearwndap360_firmwareRange≤3.0.5.0

AND

netgearwndap360Match-

VendorProductVersionCPE
netgearwnap320_firmware*cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*
netgearwnap320-cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*
netgearwndap350_firmware*cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*
netgearwndap350-cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*
netgearwndap360_firmware*cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*
netgearwndap360-cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	wnap320_firmware	*	cpe:2.3:o:netgear:wnap320_firmware::::::::
netgear	wnap320	-	cpe:2.3:h:netgear:wnap320:-:::::::*
netgear	wndap350_firmware	*	cpe:2.3:o:netgear:wndap350_firmware::::::::
netgear	wndap350	-	cpe:2.3:h:netgear:wndap350:-:::::::*
netgear	wndap360_firmware	*	cpe:2.3:o:netgear:wndap360_firmware::::::::
netgear	wndap360	-	cpe:2.3:h:netgear:wndap360:-:::::::*

References

packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html

seclists.org/fulldisclosure/2016/Feb/112

kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.005

Percentile

77.3%

JSON

Related for CVE-2016-1557