CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2016-1555

CVSS 9.8v3.1pub. 2017-04-21upd. 2026-04-22

(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netgear Wn604

    HW
    Netgear
    wszystkie wersje
  • Netgear Wn604 Firmware

    OS
    Netgear
    ≤ 3.3.2
  • Netgear Wn802tv2

    HW
    Netgear
    wszystkie wersje
  • Netgear Wn802tv2 Firmware

    OS
    Netgear
    ≤ 3.0.5.0
  • Netgear Wnap320

    HW
    Netgear
    wszystkie wersje
  • Netgear Wnap320 Firmware

    OS
    Netgear
    ≤ 3.0.5.0
  • Netgear Wndap210v2

    HW
    Netgear
    wszystkie wersje
  • Netgear Wndap210v2 Firmware

    OS
    Netgear
    ≤ 3.0.5.0
  • Netgear Wndap350

    HW
    Netgear
    wszystkie wersje
  • Netgear Wndap350 Firmware

    OS
    Netgear
    ≤ 3.0.5.0
  • Netgear Wndap360

    HW
    Netgear
    wszystkie wersje
  • Netgear Wndap360 Firmware

    OS
    Netgear
    ≤ 3.0.5.0
  • Netgear Wndap660

    HW
    Netgear
    wszystkie wersje
  • Netgear Wndap660 Firmware

    OS
    Netgear
    ≤ 3.0.5.0

CISA KEV — detailsi

Vendori
NETGEAR
Producti
Wireless Access Point (WAP) Devices
Added to KEVi
March 25, 2022
Remediation deadline (US Federal)i
April 15, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Multiple NETGEAR Wireless Access Point devices allows unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 15 kwietnia 2022
CWE
References

Related vulnerabilities

CVE-2018-21097CRITICAL9.8ten sam produkt

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This aff...

CVE-2016-1557CRITICAL9.8ten sam produkt

Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames ...

CVE-2017-18863HIGH7.1ten sam produkt

Certain NETGEAR devices are affected by command execution via a PHP form. This affects WN604 3.3.3 and earlier...

CVE-2018-21096HIGH7.4ten sam produkt

Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 ...

CVE-2018-21094HIGH7.3ten sam produkt

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 befo...