Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6277. Reason: This candidate was withdrawn by its CNA. Notes: All CVE users should reference CVE-2016-6277 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Command-injection hole can only be closed by killing web server – or the whole thing
Owners of three models of Netgear routers are being advised to exploit a security hole in their broadband boxes to, er, temporarily close said hole. The alternative is to switch off the boxes until a firmware update lands. Netgear says that the R6400, R7000, and R8000 series routers are all vulnerable to CVE-2016-582384, a command-injection bug that is trivial to exploit: you simply have to trick someone on the router's local network into opening a booby-trapped webpage. We're told R7500, R7800,...