Skip to main content
CVE-2016-10174 CRITICAL POC KEV THREAT Emergency

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Buffer Overflow RCE Netgear
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
91.1%
Threat
7.7
CVE-2016-10176 CRITICAL POC PATCH THREAT Act Now

The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 86.6%.

RCE Netgear Wnr2000V5 Firmware
NVD Exploit-DB VulDB
CVSS 3.0
9.8
EPSS
86.6%
Threat
6.1
CVE-2016-10175 CRITICAL POC PATCH THREAT Act Now

The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.6%.

Netgear Information Disclosure Wnr2000V5 Firmware
NVD Exploit-DB VulDB
CVSS 3.0
9.8
EPSS
81.6%
Threat
5.9
CVE-2016-10182 CRITICAL POC THREAT Emergency

An issue was discovered on the D-Link DWR-932B router. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.3%.

D-Link Command Injection Dwr 932B Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
49.3%
Threat
4.9
CVE-2016-10178 CRITICAL POC THREAT Emergency

An issue was discovered on the D-Link DWR-932B router. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.2%.

D-Link Information Disclosure Dwr 932B Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
22.2%
Threat
4.1
CVE-2016-10177 CRITICAL POC THREAT Emergency

An issue was discovered on the D-Link DWR-932B router. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.1%.

D-Link Authentication Bypass Dwr 932B Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
20.1%
Threat
4.1
CVE-2016-6269 CRITICAL POC PATCH Act Now

Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Trend Micro PHP Smart Protection Server
NVD
CVSS 3.1
9.1
EPSS
1.9%
CVE-2017-5611 CRITICAL PATCH Act Now

SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.4%.

WordPress SQLi PHP Debian Linux Data Integrator
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
12.4%
CVE-2016-6604 CRITICAL Act Now

NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Google Samsung Exynos Fimg2D
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-9132 CRITICAL PATCH Act Now

In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Botan
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy