CVE-2016-1555
Published: 21 April 2017
Summary
CVE-2016-1555 is a critical-severity command injection (CWE-77) vulnerability in Netgear WNAP320 firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 0.0% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability CVE-2016-1555 is a command injection flaw present in the files boardData102.php, boardData103.php, boardDataJP.php, boardDataNA.php, and boardDataWW.php. It affects Netgear WN604 devices running firmware prior to 3.3.3 as well as WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 devices prior to 3.5.5.0. The issue is tracked as CWE-77 and carries a CVSS v3.1 base score of 9.8.
Unauthenticated attackers with network access can exploit the flaw to execute arbitrary commands on affected devices, resulting in full compromise of confidentiality, integrity, and availability without any user interaction.
Netgear advisory information referenced at kb.netgear.com/30480 describes the affected models and directs users to updated firmware releases that resolve the command injection vectors. Public exploit code and technical write-ups have been posted to Exploit-DB and Packet Storm, confirming remote unauthenticated command execution is achievable against unpatched units.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2016-2650
Vulnerability details
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.
- CWE(s): CWE-77
- KEV Date Added: 25 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly blocks the CWE-77 command injection in boardData*.php by requiring validation/sanitization of all input parameters before they reach the shell.
Mandates timely application of the vendor firmware patches (3.3.3 / 3.5.5.0) that close the unauthenticated command-execution vectors described in the Netgear advisory.
Enforces access-control policy on the device web interface so that unauthenticated network callers cannot reach the vulnerable boardData endpoints at all.
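To support the flaw-remediation control, the following added example (not part of the original page or any Netgear tooling) triages an asset inventory against the fixed-firmware thresholds stated above. The inventory rows and the firmware string formats are constructed assumptions; only the model names and the 3.3.3 / 3.5.5.0 thresholds come from this page.

```python
import re

# Fixed-firmware thresholds as stated on this page: WN604 is fixed in 3.3.3,
# the other listed models in 3.5.5.0.
FIXED_IN = {"WN604": (3, 3, 3)}
FIXED_IN.update(dict.fromkeys(
    ("WN802TV2", "WNAP210V2", "WNAP320", "WNDAP350", "WNDAP360", "WNDAP660"),
    (3, 5, 5, 0),
))

def parse_version(text):
    """Extract a dotted version such as '3.5.5.0' from a string, or None."""
    match = re.search(r"\d+(?:\.\d+)+", text or "")
    if not match:
        return None
    return tuple(int(part) for part in match.group(0).split("."))

def pad(version, length):
    """Right-pad with zeros so 3.3.3 and 3.3.3.0 compare as equal."""
    return version + (0,) * (length - len(version))

def triage(model, firmware):
    """Return 'not-listed', 'unknown-version', 'vulnerable' or 'fixed'."""
    fixed = FIXED_IN.get(re.sub(r"[\s-]", "", model).upper())
    if fixed is None:
        return "not-listed"
    current = parse_version(firmware)
    if current is None:
        return "unknown-version"  # no usable version: needs manual review
    width = max(len(current), len(fixed))
    return "vulnerable" if pad(current, width) < pad(fixed, width) else "fixed"

# Constructed inventory rows: (hostname, model, reported firmware string).
INVENTORY = [
    ("ap-lobby", "WNAP320", "2.0.3"),
    ("ap-lab", "wndap360", "V3.5.5.0"),
    ("ap-store", "WN604", "3.3.2"),
    ("ap-roof", "WNDAP660", ""),
    ("sw-core", "GS108", "1.0.0"),
]

def report(rows=INVENTORY):
    """Map each hostname to its triage status."""
    return {host: triage(model, fw) for host, model, fw in rows}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

Devices reported as `unknown-version` should be treated as unpatched until their firmware is confirmed.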