Critical severity9.8CISA KEVNVD Advisory· Published Jan 30, 2017· Updated Apr 21, 2026

CVE-2016-10174

Description

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.

Affected products

Netgear/D6100 Firmware
cpe:2.3:o:netgear:d6100_firmware:-:*:*:*:*:*:*:*
Netgear/D7000 Firmware
cpe:2.3:o:netgear:d7000_firmware:-:*:*:*:*:*:*:*
Netgear/D7800 Firmware
cpe:2.3:o:netgear:d7800_firmware:-:*:*:*:*:*:*:*
Netgear/Jnr1010v2 Firmware
cpe:2.3:o:netgear:jnr1010v2_firmware:-:*:*:*:*:*:*:*
Netgear/Jnr3300 Firmware
cpe:2.3:o:netgear:jnr3300_firmware:-:*:*:*:*:*:*:*
Netgear/Jwnr2010v5 Firmware
cpe:2.3:o:netgear:jwnr2010v5_firmware:-:*:*:*:*:*:*:*
Netgear/R2000 Firmware
cpe:2.3:o:netgear:r2000_firmware:-:*:*:*:*:*:*:*
Netgear/R6100 Firmware
cpe:2.3:o:netgear:r6100_firmware:-:*:*:*:*:*:*:*
Netgear/R6220 Firmware
cpe:2.3:o:netgear:r6220_firmware:-:*:*:*:*:*:*:*
Netgear/R7500 Firmware
cpe:2.3:o:netgear:r7500_firmware:-:*:*:*:*:*:*:*
Netgear/R7500v2 Firmware
cpe:2.3:o:netgear:r7500v2_firmware:-:*:*:*:*:*:*:*
Netgear/Wndr3700v4 Firmware
cpe:2.3:o:netgear:wndr3700v4_firmware:-:*:*:*:*:*:*:*
Netgear/Wndr3800 Firmware
cpe:2.3:o:netgear:wndr3800_firmware:-:*:*:*:*:*:*:*
Netgear/Wndr4300 Firmware
cpe:2.3:o:netgear:wndr4300_firmware:-:*:*:*:*:*:*:*
Netgear/Wndr4300v2 Firmware
cpe:2.3:o:netgear:wndr4300v2_firmware:-:*:*:*:*:*:*:*
Netgear/Wndr4500v3 Firmware
cpe:2.3:o:netgear:wndr4500v3_firmware:-:*:*:*:*:*:*:*
Netgear/Wndr4700 Firmware
cpe:2.3:o:netgear:wndr4700_firmware:-:*:*:*:*:*:*:*
Netgear/Wnr1000v2 Firmware
cpe:2.3:o:netgear:wnr1000v2_firmware:-:*:*:*:*:*:*:*
Netgear/Wnr1000v4 Firmware
cpe:2.3:o:netgear:wnr1000v4_firmware:-:*:*:*:*:*:*:*
Netgear/Wnr2000v3 Firmware
cpe:2.3:o:netgear:wnr2000v3_firmware:-:*:*:*:*:*:*:*
Netgear/Wnr2000v4 Firmware
cpe:2.3:o:netgear:wnr2000v4_firmware:-:*:*:*:*:*:*:*
Netgear/Wnr2000v5 Firmware
cpe:2.3:o:netgear:wnr2000v5_firmware:-:*:*:*:*:*:*:*
Netgear/Wnr2020 Firmware
cpe:2.3:o:netgear:wnr2020_firmware:-:*:*:*:*:*:*:*
Netgear/Wnr2050 Firmware
cpe:2.3:o:netgear:wnr2050_firmware:-:*:*:*:*:*:*:*
Netgear/Wnr2200 Firmware
cpe:2.3:o:netgear:wnr2200_firmware:-:*:*:*:*:*:*:*
Netgear/Wnr2500 Firmware
cpe:2.3:o:netgear:wnr2500_firmware:-:*:*:*:*:*:*:*
Netgear/Wnr614 Firmware
cpe:2.3:o:netgear:wnr614_firmware:-:*:*:*:*:*:*:*
Netgear/Wnr618 Firmware
cpe:2.3:o:netgear:wnr618_firmware:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2016/Dec/72nvdExploitMailing ListThird Party AdvisoryVDB Entry
raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txtnvdExploitTechnical DescriptionThird Party Advisory
www.exploit-db.com/exploits/40949/nvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/41719/nvdExploitThird Party AdvisoryVDB Entry
kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-VulnerabilitynvdVendor Advisory
www.securityfocus.com/bid/95867nvdBroken LinkThird Party AdvisoryVDB Entry
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.073
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000