CVE-2016-10176

Name of the Vulnerable Software and Affected Versions NETGEAR WNR2000v5 router

Description The issue allows an unauthenticated user to perform sensitive actions on the device by invoking a specific URL on the web server. This can be exploited to change router settings, such as password-recovery questions, and achieve remote code execution. The embedded web server (uhttpd) handles the apply.cgi and apply noauth.cgi URLs, with the latter allowing unauthorized access to perform these actions.

Recommendations For the NETGEAR WNR2000v5 router, consider restricting access to the apply noauth.cgi URL as a temporary workaround until a patch is available. Avoid using the apply noauth.cgi URL in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.