Cyber Resilience

CVE-2016-1555

CriticalCISA KEVActive ExploitationEUVD ExploitedPublic PoCRCE

Published: 21 April 2017

Published
21 April 2017
Modified
22 April 2026
KEV Added
25 March 2022
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.9433 100.0th percentile
Risk Priority 96 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2016-1555 is a critical-severity Command Injection (CWE-77) vulnerability in Netgear Wnap320 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 0.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability CVE-2016-1555 is a command injection flaw present in the files boardData102.php, boardData103.php, boardDataJP.php, boardDataNA.php, and boardDataWW.php. It affects Netgear WN604 devices running firmware prior to 3.3.3 as well as WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 devices prior to 3.5.5.0. The issue is tracked as CWE-77 and carries a CVSS v3.1 base score of 9.8.

Unauthenticated attackers with network access can exploit the flaw to execute arbitrary commands on affected devices, resulting in full control over confidentiality, integrity, and availability without any user interaction.

Netgear advisory information referenced at kb.netgear.com/30480 describes the affected models and directs users to updated firmware releases that resolve the command injection vectors. Public exploit code and technical write-ups have been posted to Exploit-DB and Packet Storm, confirming remote unauthenticated command execution is achievable against unpatched units.

EU & UK References

Vulnerability details

(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.

CWE(s)
KEV Date Added
25 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

netgear
wnap320 firmware
≤ 3.0.5.0
netgear
wndap350 firmware
≤ 3.0.5.0
netgear
wndap360 firmware
≤ 3.0.5.0
netgear
wndap210v2 firmware
≤ 3.0.5.0
netgear
wn604 firmware
≤ 3.3.2
netgear
wndap660 firmware
≤ 3.0.5.0
netgear
wn802tv2 firmware
≤ 3.0.5.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly blocks the CWE-77 command injection in boardData*.php by requiring validation/sanitization of all input parameters before they reach the shell.

prevent

Mandates timely application of the vendor firmware patches (3.3.3 / 3.5.5.0) that close the unauthenticated command-execution vectors described in the Netgear advisory.

prevent

Enforces access-control policy on the device web interface so that unauthenticated network callers cannot reach the vulnerable boardData endpoints at all.

References