PT-2016-3197 · NetGear · Wndap360+6

Daming Dominic Chen · Published 2016-02-24 · Updated 2025-02-19 · CVE-2016-1555

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Netgear WN604 versions prior to 3.3.3
Netgear WN802Tv2 versions prior to 3.5.5.0
Netgear WNAP210v2 versions prior to 3.5.5.0
Netgear WNAP320 versions prior to 3.5.5.0
Netgear WNDAP350 versions prior to 3.5.5.0
Netgear WNDAP360 versions prior to 3.5.5.0
Netgear WNDAP660 versions prior to 3.5.5.0

Description

The issue is related to a lack of input data sanitization in the boardData102.php, boardData103.php, boardDataJP.php, boardDataNA.php, and boardDataWW.php scripts, allowing remote attackers to execute arbitrary commands. This can be exploited by sending malicious input to the affected API endpoints.

Recommendations

For Netgear WN604 versions prior to 3.3.3, update to version 3.3.3 or later.
For Netgear WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 versions prior to 3.5.5.0, update to version 3.5.5.0 or later.
As a temporary workaround, consider restricting access to the boardData102.php, boardData103.php, boardDataJP.php, boardDataNA.php, and boardDataWW.php scripts until a patch is available.

Exploit

Fix

Weakness Enumeration

Command Injection

Related Identifiers

BDU:2017-02426
CVE-2016-1555

Affected Products

Wn604
Wn802Tv2
Wnap210V2
Wnap320
Wndap350
Wndap360
Wndap660