CVE-2016-1556

HIGH

Netgear WNAP320/WNDAP350/WNDAP360/WNDAP210v2/WN604/WND930 - Unauthenticated Information Disclosure via WPS

Title source: llm

Description

Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages.

References (3)

Core 3

Core References

Patch, Vendor Advisory x_refsource_confirm

https://kb.netgear.com/30481/CVE-2016-1556-Notification?cid=wmt_netgear_organic

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2016/Feb/112

Scores

CVSS v3 7.5

EPSS 0.0095

EPSS Percentile 76.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (6)

netgear/wn604_firmware < 3.3.2

netgear/wnap320_firmware < 3.0.5.0

netgear/wnd930_firmware < 2.0.4

netgear/wndap210v2_firmware < 3.0.5.0

netgear/wndap350_firmware < 3.0.5.0

netgear/wndap360_firmware < 3.0.5.0

Published Apr 21, 2017

Tracked Since Feb 18, 2026