Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Wnr2000v5_firmware
(Netgear)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-10-09 | CVE-2020-26913 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.60, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, SRK60 before 2.2.2.20, SRR60 before 2.2.2.20, SRS60 before 2.2.2.20, WN3000RPv2 before... | D6100_firmware, R7800_firmware, R8900_firmware, R9000_firmware, Rbk20_firmware, Rbk40_firmware, Rbk50_firmware, Rbr20_firmware, Rbr50_firmware, Rbs20_firmware, Rbs40_firmware, Rbs50_firmware, Srk60_firmware, Srr60_firmware, Srs60_firmware, Wn3000rpv2_firmware, Wndr4300v2_firmware, Wndr4500v3_firmware, Wnr2000v5_firmware, Xr450_firmware, Xr500_firmware | 6.8 | ||
| 2017-01-30 | CVE-2016-10176 | The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also contains another URL, apply_noauth.cgi, that allows an unauthenticated user to perform sensitive actions on the device. This functionality can be exploited to change the router settings (such as the answers to the password-recovery... | Wnr2000v5_firmware | 9.8 | ||
| 2017-01-30 | CVE-2016-10175 | The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions. | Wnr2000v5_firmware | 9.8 | ||
| 2017-01-30 | CVE-2016-10174 | The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution. | Wnr2000v5_firmware | 9.8 |