QwikSec

Security Database

CVE

CWE

Training

CVE-2016-10175

Published: Jan 30, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://seclists.org/fulldisclosure/2016/Dec/72

x_refsource_MISC

https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt

x_refsource_MISC

vdb-entry

x_refsource_BID

http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.