Cyber Resilience

CVE-2016-10174

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 30 January 2017

Modified: 21 April 2026
KEV Added: 25 March 2022
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9107 (99.7th percentile)
Risk Priority: 94 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2016-10174 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Netgear D6100 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

The NETGEAR WNR2000v5 router is affected by CVE-2016-10174, a buffer overflow vulnerability (CWE-120) in the hidden_lang_avi parameter that is triggered when the URL /apply.cgi?/lang_check.html is invoked. The flaw carries a CVSS 3.1 score of 9.8.

An unauthenticated attacker with network access can supply a crafted value to the parameter and trigger the overflow, resulting in remote code execution with full impact on confidentiality, integrity, and availability.

Public references include a NETGEAR knowledge-base article addressing insecure remote access and command execution, a full-disclosure mailing-list post, a SecurityFocus entry, a detailed proof-of-concept write-up, and an Exploit-DB entry containing working exploit code.

EU & UK References

Vulnerability details

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.

CWE(s)
KEV Date Added: 25 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

netgear · d6100 firmware · all versions
netgear · d7000 firmware · all versions
netgear · d7800 firmware · all versions
netgear · jnr1010v2 firmware · all versions
netgear · jnr3300 firmware · all versions
netgear · jwnr2010v5 firmware · all versions
netgear · r2000 firmware · all versions
netgear · r6100 firmware · all versions
netgear · r6220 firmware · all versions
netgear · r7500 firmware · all versions
+18 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly requires validation of the hidden_lang_avi input to /apply.cgi to block the buffer overflow that enables unauthenticated RCE.

Prevent: Employs memory-protection techniques (DEP, ASLR) that can stop successful exploitation of the buffer overflow even if input validation fails.

Prevent: Enforces authentication and authorization on the web interface so that unauthenticated attackers cannot reach the vulnerable lang_check.html endpoint.

References