CVE-2016-10174

Name of the Vulnerable Software and Affected Versions NETGEAR WNR2000v5 Router (affected versions not specified)

Description The issue is caused by a buffer overflow in the hidden lang avi parameter when invoking the URL "/apply.cgi?/lang check.html". This can be exploited by an unauthenticated attacker to achieve remote code execution.

Recommendations As a temporary workaround, consider disabling access to the "/apply.cgi?/lang check.html" endpoint until a patch is available. Restrict the use of the hidden lang avi parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.