PatchSiren cyber security CVE debrief

CVE-2016-10176 Netgear CVE debrief

CVE-2016-10176 is a critical NETGEAR WNR2000v5 firmware issue in the embedded web server (uhttpd). The device exposes an authenticated apply.cgi handler and, more concerningly, an unauthenticated apply_noauth.cgi handler that can be used to perform sensitive actions. According to the CVE description, this can allow attackers to change router settings, including password-recovery questions, and can lead to remote code execution.

Vendor: Netgear
Product: CVE-2016-10176
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-30
Original CVE updated: 2026-05-13
Advisory published: 2017-01-30
Advisory updated: 2026-05-13

Who should care

Anyone responsible for NETGEAR WNR2000v5 routers, especially if the devices are reachable from the internet or may still be running firmware at or below 1.0.0.34. Home users and small-office defenders should care because this is a network-reachable, no-authentication issue with full confidentiality, integrity, and availability impact.

Technical summary

NVD maps the issue to the NETGEAR WNR2000v5 firmware CPE and lists affected versions up to 1.0.0.34. The vulnerability is described as an insecure web interface design in uhttpd where apply_noauth.cgi permits unauthenticated sensitive actions, contrary to the expectations of apply.cgi. NVD assigns CVSS v3.0 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and CWE-20.

Defensive priority

Urgent. This is a critical remote, unauthenticated router flaw with high impact and no user interaction required. If the device is exposed or unpatched, the risk is immediate.

Recommended defensive actions

Identify any NETGEAR WNR2000v5 devices in your environment and verify their firmware version against the affected range listed by NVD (up to 1.0.0.34).
Apply the vendor remediation referenced in NETGEAR advisory KB 000036549 as soon as possible.
Remove or restrict internet exposure to router management services; allow admin access only from trusted internal networks.
If a fixed firmware is not available for your deployment, replace the device or place it behind compensating controls that prevent external management access.
After remediation, review router configuration for unexpected changes, including password-recovery question settings and other administrative options.
Monitor for unusual web requests and configuration changes involving the router management interface, especially requests targeting apply_noauth.cgi or apply.cgi.

Evidence notes

The CVE was published on 2017-01-30 and later modified on 2026-05-13; the debrief uses the published date for timing context. NVD identifies the vulnerable product as NETGEAR WNR2000v5 firmware and lists affected versions through 1.0.0.34. The NVD reference set includes a NETGEAR vendor advisory, third-party disclosures, and technical writeups. No KEV entry was supplied in the source corpus.

Official resources

CVE-2016-10176 CVE record
CVE.org
CVE-2016-10176 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Patch, Vendor Advisory
Mitigation or vendor reference
[email protected] - Exploit, Third Party Advisory, VDB Entry
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Mitigation or vendor reference
[email protected] - Exploit, Technical Description, Third Party Advisory
Source reference
[email protected]

Publicly disclosed by the CVE publication date of 2017-01-30. The record was later modified on 2026-05-13, but that does not change the original disclosure timing.