CVE-2016-6277

Published: 14/12/2016 Updated: 16/08/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 941
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

NETGEAR R6250 prior to 1.0.4.6.Beta, R6400 prior to 1.0.1.18.Beta, R6700 prior to 1.0.1.14.Beta, R6900, R7000 prior to 1.0.7.6.Beta, R7100LG prior to 1.0.0.28.Beta, R7300DST prior to 1.0.0.46.Beta, R7900 prior to 1.0.1.8.Beta, R8000 prior to 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote malicious users to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.

Vulnerable Product

netgear r6400_firmware

netgear r8000_firmware

netgear d6220_firmware

netgear r7000_firmware

netgear r7100lg_firmware

netgear r6700_firmware

netgear r6900_firmware

netgear d6400_firmware

netgear r6250_firmware

netgear r7300dst_firmware

netgear r7900_firmware

Exploits

Netgear R6400 suffers from a remote code execution vulnerability ...
## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager def initialize(info = {}) super ...
# Exploit Title: Netgear R7000 - Command Injection # Date: 6-12-2016 # Exploit Author: Acew0rm # Contact: twitter.com/Acew0rm1 # Vendor Homepage: www.netgear.com/ # Category: Hardware # Version: V1.0.7.2_1.1.93 -Vulnerability An unauthenticated user can inject commands through RouterIP/cgi-bin/;COMMAND -Proof Of Concept http ...

Github Repositories

Scalable security network sensor as low interaction honeypot

Lurker: lurker is a network-based honeypot for capturing payloads on all TCP ports. lurker sends a spoofed TCP SYN-ACK packet in response to an attacker's or scanner's TCP SYN packet. They will then send a TCP data payload after the 3-way handshake, and lurker captures the data, notifies, and saves it for security research. A lot of existing honeypots each have a capture mechanism for specific p

Netgear R7000 Command Injection Exploit: This script uses CVE-2016-6277 to exploit the command injection vulnerability on the NETGEAR R7000.