CVE-2016-1555

CRITICAL KEV NUCLEI

Netgear Devices Unauthenticated Remote Command Execution

Title source: metasploit

Description

(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotehardware
https://www.exploit-db.com/exploits/45909
nomisec WORKING POC 2 stars
by ide0x90 · remote
https://github.com/ide0x90/cve-2016-1555
metasploit WORKING POC EXCELLENT
rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/netgear_unauth_exec.rb

Nuclei Templates (1)

NETGEAR WNAP320 Access Point Firmware - Remote Command Injection
CRITICALby gy741

References (5)

Scores

CVSS v3 9.8
EPSS 0.9433
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-25
VulnCheck KEV 2020-01-08
InTheWild.io 2022-03-25
ENISA EUVD EUVD-2016-2650
CWE
CWE-77
Status published
Products (7)
netgear/wn604_firmware < 3.3.2
netgear/wn802tv2_firmware < 3.0.5.0
netgear/wnap320_firmware < 3.0.5.0
netgear/wndap210v2_firmware < 3.0.5.0
netgear/wndap350_firmware < 3.0.5.0
netgear/wndap360_firmware < 3.0.5.0
netgear/wndap660_firmware < 3.0.5.0
Published Apr 21, 2017
KEV Added Mar 25, 2022
Tracked Since Feb 18, 2026