Vulnerability CVE-2016-6277


Published: 2016-12-14

Description:
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Netgear -> R6250 firmware 
Netgear -> R6900 firmware 
Netgear -> R7900 firmware 
Netgear -> R7000 firmware 
Netgear -> D6400 firmware 
Netgear -> D6220 firmware 
Netgear -> R6400 firmware 
Netgear -> R7100lg firmware 
Netgear -> R6700 firmware 
Netgear -> R7300dst firmware 
Netgear -> R8000 firmware 

 References:
http://kb.netgear.com/000036386/CVE-2016-582384
http://www.securityfocus.com/bid/94819
http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
https://kalypto.org/research/netgear-vulnerability-expanded/
https://www.exploit-db.com/exploits/40889/
https://www.exploit-db.com/exploits/41598/
https://www.kb.cert.org/vuls/id/582384

Copyright 2024, cxsecurity.com

 

Back to Top