CVE-2016-5638— Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877 reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2016-5638
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877 reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text
Source: NVD (National Vulnerability Database)
Vulnerability Description
There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genie_ping.htm or genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page will be redirected to the aCongratulations2.htma page, which reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
敏感数据的明文传输
Source: NVD (National Vulnerability Database)
Vulnerability Title
Netgear WNDR4500 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Netgear WNDR4500是美国网件(NetGear)公司的一款无线路由器产品。 使用1.0.1.40_1.0.6877版本固件的Netgear WNDR4500中存在信息泄露漏洞。远程攻击者可利用该漏洞未经认证访问genie_ping.htm、genie_ping2.htm或genie_ping3.htm页面,获取敏感信息,例如明文形式的网络密钥(密码)和2.4GHz & 5GHz无线网络名称(SSID)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2016-5638
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2016-5638
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: Netgear
- CVE-2026-24714
NETGEAR PR2000 安全漏洞 - CVE-2026-0404
Insufficient input validation in NETGEAR Orbi routers - CVE-2026-0408
Path traversal vulnerability in Netgear WiFi Range Extenders - CVE-2026-0407
Authentication bypass in NETGEAR WiFi Range Extenders via ne - CVE-2026-0406
Insufficient input validation in NETGEAR Nighthawk router XR
Same weakness: CWE-319
- CVE-2026-45180
Catalyst::Plugin::Statsd versions through 0.10.0 for Perl ma - CVE-2026-45179
Plack::Middleware::Statsd versions before 0.9.0 for Perl may - CVE-2025-59852
HCL DFXAnalytics is affected by an Insufficient Transport - CVE-2026-7610
TRENDnet TEW-821DAP Firmware Update ssi cleartext transmissi - CVE-2026-42514
Sensitive Data Exposure Vulnerability in e-Sushrut HMIS
V. Comments for CVE-2016-5638
No comments yet