CVE-2016-10174
Published: 30 January 2017
Summary
CVE-2016-10174 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Netgear D6100 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog; and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
The NETGEAR WNR2000v5 router is affected by CVE-2016-10174, a buffer overflow vulnerability (CWE-120) in the hidden_lang_avi parameter that is triggered when the URL /apply.cgi?/lang_check.html is invoked. The flaw carries a CVSS 3.1 score of 9.8.
An unauthenticated attacker with network access can supply a crafted value to the parameter and trigger the overflow, resulting in remote code execution with full impact on confidentiality, integrity, and availability.
Public references include a NETGEAR knowledge-base article addressing insecure remote access and command execution, a full-disclosure mailing-list post, a SecurityFocus entry, a detailed proof-of-concept write-up, and an Exploit-DB entry containing working exploit code.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2016-1361
Vulnerability details
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
- CWE(s): CWE-120 (Classic Buffer Overflow)
- KEV Date Added: 25 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly requires validation of the hidden_lang_avi input to /apply.cgi to block the buffer overflow that enables unauthenticated RCE.
- SI-16 (Memory Protection): Employs memory-protection techniques (DEP, ASLR) that can stop successful exploitation of the buffer overflow even if input validation fails.
- Authentication and authorization on the web interface: Enforces access control so that unauthenticated attackers cannot reach the vulnerable lang_check.html endpoint.
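As an added example (not part of the advisory and not NETGEAR firmware code), the following Python shows how a reverse proxy or a log-review script placed in front of the management interface could apply the input-validation control to the endpoint and parameter named above: requests to /apply.cgi that carry hidden_lang_avi are rejected when the value is longer than a short bound or does not look like a language tag, and the same rule is run over access-log lines to surface past requests. The length bound, the language-tag pattern and the sample log lines are assumptions constructed for the demonstration; the advisory names only the endpoint and the parameter.

```python
"""Defender-side filter and log scan for the CVE-2016-10174 request pattern.

Added example, not from the advisory or from NETGEAR.  The length bound,
the language-tag pattern and the sample log lines are assumptions.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Endpoint, page and parameter named in the advisory.
VULN_PATH = "/apply.cgi"
VULN_PAGE = "/lang_check.html"
VULN_PARAM = "hidden_lang_avi"

# Assumed policy values for this demonstration (not NETGEAR's own limits).
MAX_VALUE_LEN = 16
LANG_TAG = re.compile(r"^[A-Za-z]{2,3}(?:[-_][A-Za-z0-9]{2,8})?$")

# Request line inside a Common Log Format entry, e.g. "GET /x HTTP/1.1".
_REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def _params(query: str, body: str) -> dict:
    """Merge the URL query and a form body into one name -> value mapping."""
    pairs = parse_qsl(query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    return dict(pairs)


def check_request(target: str, body: str = "") -> tuple:
    """Classify one request; returns (verdict, reason).

    verdict is 'ignore' (not the affected endpoint), 'allow' or 'block'.
    """
    parts = urlsplit(target)
    if parts.path != VULN_PATH:
        return "ignore", "not the affected endpoint"
    params = _params(parts.query, body)
    if VULN_PAGE not in params and VULN_PARAM not in params:
        return "ignore", "apply.cgi request unrelated to lang_check"
    value = params.get(VULN_PARAM)
    if value is None:
        return "allow", "no hidden_lang_avi parameter present"
    if len(value) > MAX_VALUE_LEN:
        return "block", f"hidden_lang_avi length {len(value)} exceeds {MAX_VALUE_LEN}"
    if not LANG_TAG.match(value):
        return "block", "hidden_lang_avi is not a language tag"
    return "allow", "hidden_lang_avi looks like a language tag"


def scan_log(lines) -> list:
    """Run check_request over access-log lines; return (line_no, target, reason) for blocks.

    Only the request line is available here, so parameters sent in a POST
    body are not visible; for those the check must run in the proxy itself.
    """
    hits = []
    for line_no, line in enumerate(lines, 1):
        match = _REQUEST_LINE.search(line)
        if not match:
            continue
        verdict, reason = check_request(match.group("target"))
        if verdict == "block":
            hits.append((line_no, match.group("target"), reason))
    return hits


# Constructed sample log lines (not real traffic); line 3 carries an
# oversized value, line 4 a value with a character outside the tag pattern.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jan/2017:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '192.0.2.10 - - [30/Jan/2017:10:00:02 +0000] "GET /apply.cgi?/lang_check.html&hidden_lang_avi=en HTTP/1.1" 200 512',
    '192.0.2.55 - - [30/Jan/2017:10:00:03 +0000] "GET /apply.cgi?/lang_check.html&hidden_lang_avi='
    + "A" * 600 + ' HTTP/1.1" 200 512',
    '192.0.2.55 - - [30/Jan/2017:10:00:04 +0000] "GET /apply.cgi?/lang_check.html&hidden_lang_avi=en%20US HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for line_no, target, reason in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {reason} ({target[:60]}...)")
```

The check is deliberately strict: rather than trying to recognise attack payloads, it accepts only values that have the shape a language selector would legitimately send and rejects everything else, which is the allow-list form of SI-10 and does not depend on knowing how the firmware's buffer is laid out.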