Remote Code Execution Vulnerability in NETGEAR Prosafe Wireless Controllers
CVE-2016-11022

7.2HIGH

Key Information:

Vendor

Netgear
Status
Prosafe Wc9500 Firmware
Vendor
CVE Published:
23 March 2020

What is CVE-2016-11022?

The NETGEAR Prosafe Wireless Controllers WC9500, WC7600, and WC7520 have a vulnerability that allows remote attackers to gain root privileges. This is achieved through exploiting shell metacharacters in the reqMethod parameter of the login_handler.php file, potentially allowing unauthorized access and control over the affected devices. Users of these products should promptly apply security updates to mitigate the risk posed by this vulnerability.

References

https://unit42.paloaltonetworks.com/new-mirai-variant-tar...
x_refsource_MISC
http://firmware.re/vulns/acsa-2015-002.php
x_refsource_MISC
https://github.com/threat9/routersploit/blob/master/route...
x_refsource_MISC

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-11022 : Remote Code Execution Vulnerability in NETGEAR Prosafe Wireless Controllers