CVE-2016-6277
In short
NETGEAR routers contain a vulnerability that allows attackers to run malicious commands remotely by exploiting how the router processes user input in web requests. An attacker can trick the router into executing arbitrary commands without needing to log in first.
Technical detail
A command injection vulnerability exists in the cgi-bin endpoint of affected NETGEAR routers where insufficient input validation on the path parameter allows unauthenticated remote attackers to inject shell metacharacters and execute arbitrary system commands with router privileges. The vulnerability requires only network access to the router's web interface.
Summary generated and translated by AI from the official description.
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found: 5
- cve_reference: packetstormsecurity.com/files/155712/Netgear-R6400-Remote-Code-Execution.html (unverified)
- cve_reference: www.exploit-db.com/exploits/40889/ (unverified)
- cve_reference: www.exploit-db.com/exploits/41598/ (unverified)
- exploitdb: www.exploit-db.com/exploits/41598 (unverified)
- exploitdb: www.exploit-db.com/exploits/40889 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
- http://kb.netgear.com/000036386/CVE-2016-582384
- http://packetstormsecurity.com/files/155712/Netgear-R6400-Remote-Code-Execution.html
- https://kalypto.org/research/netgear-vulnerability-expanded/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-6277
- https://www.exploit-db.com/exploits/40889/
- https://www.exploit-db.com/exploits/41598/
- https://www.kb.cert.org/vuls/id/582384
- http://www.securityfocus.com/bid/94819
- http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/