NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
References
Link | Resource |
---|---|
http://kb.netgear.com/000036386/CVE-2016-582384 | Patch Vendor Advisory |
http://packetstormsecurity.com/files/155712/Netgear-R6400-Remote-Code-Execution.html | |
http://www.securityfocus.com/bid/94819 | |
http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/ | Mitigation Third Party Advisory |
https://kalypto.org/research/netgear-vulnerability-expanded/ | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/40889/ | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/41598/ | |
https://www.kb.cert.org/vuls/id/582384 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2016-12-14 16:59
Updated : 2023-12-10 12:01
NVD link : CVE-2016-6277
Mitre link : CVE-2016-6277
CVE.ORG link : CVE-2016-6277
JSON object : View
Products Affected
netgear
- r7300dst
- r6900
- d6220_firmware
- r7900_firmware
- r6400_firmware
- r6900_firmware
- r8000
- r6250
- r7100lg
- r7300dst_firmware
- r6700
- r7100lg_firmware
- r7900
- d6400
- r7000_firmware
- r6250_firmware
- r6400
- r8000_firmware
- d6400_firmware
- r6700_firmware
- r7000
- d6220
CWE
CWE-352
Cross-Site Request Forgery (CSRF)