CVE-2016-6277

Published: 14/12/2016 Updated: 16/08/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 982
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

NETGEAR R6250 prior to 1.0.4.6.Beta, R6400 prior to 1.0.1.18.Beta, R6700 prior to 1.0.1.14.Beta, R6900, R7000 prior to 1.0.7.6.Beta, R7100LG prior to 1.0.0.28.Beta, R7300DST prior to 1.0.0.46.Beta, R7900 prior to 1.0.1.8.Beta, R8000 prior to 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote malicious users to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.

Vulnerable Product

netgear r6400_firmware

netgear r8000_firmware

netgear d6220_firmware

netgear r7000_firmware

netgear r7100lg_firmware

netgear r6700_firmware

netgear r6900_firmware

netgear d6400_firmware

netgear r6250_firmware

netgear r7300dst_firmware

netgear r7900_firmware

Exploits

# Exploit Title: Netgear R7000 - Command Injection
# Date: 6-12-2016
# Exploit Author: Acew0rm
# Contact: twitter.com/Acew0rm1
# Vendor Homepage: www.netgear.com/
# Category: Hardware
# Version: V1.0.7.2_1.1.93

-Vulnerability
An unauthenticated user can inject commands through RouterIP/cgi-bin/;COMMAND

-Proof Of Concept
http ...

##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##
require 'msf/core'
class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::CmdStager
  def initialize(info = {})
    super ...

Mailing Lists

Netgear R6400 suffers from a remote code execution vulnerability ...

Metasploit Modules

Netgear R7000 and R6400 cgi-bin Command Injection

This module exploits an arbitrary command injection vulnerability in Netgear R7000 and R6400 router firmware version 1.0.7.2_1.1.93 and possibly earlier.

msf > use exploit/linux/http/netgear_r7000_cgibin_exec
msf exploit(netgear_r7000_cgibin_exec) > show targets
    ...targets...
msf exploit(netgear_r7000_cgibin_exec) > set TARGET <target-id>
msf exploit(netgear_r7000_cgibin_exec) > show options
    ...show and set options...
msf exploit(netgear_r7000_cgibin_exec) > exploit

Github Repositories

Lurker: lurker is network based honeypot for capturing payload for all TCP ports. lurker sends spoofing TCP SYN-ACK packet against attacker and scanner's TCP SYN packet. Then they will send TCP data payload after 3-way handshake and lurker captures the data and notify and save it for security research. A lot of existing honeypot has each capture mechanism for specific p

MS17-010 As all of our research is now in Metasploit master repository

Name Description CVE-2015-5531 Directory traversal vulnerability in Elasticsearch before 161 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls CVE-2016-1909 Fortinet FortiAnalyzer before 5012 and 52x before 525; FortiSwitch 33x before 333; FortiCache 30x before 308; and FortiOS 41x before 4111, 42x

PenetrationTesting English Version: GitHub READMEs display at most 4000 lines, while the tools and articles added to this repo total nearly ten thousand lines, so not everything is shown by default. The current page is the reduced version: tools with fewer than 200 stars and no update within 500 days are not shown in this document. Click here to view the full version: Chinese - Full Version. Contents: Tools, Newly Added (854), Newly Added, Uncategorized, Artificial Intelligence &

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents CVE-2011-2856 CVE-2011-3243 CVE-2013-2618 CVE-2013-6632 CVE-2014-1701 CVE-2014-1705 CVE-2014-1747 CVE-2014-3176 CVE-2014-6332 CVE-2014-7927 CVE-2014-7928 CVE-2015-0072 CVE-2015-0235 CVE-2015-0240 CVE-2015-1233 CVE-2015-1242 CVE-2015-1268 CV

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Wicked Botnet Uses Passel of Exploits to Target IoT
Threatpost • Tara Seals • 21 May 2018

Yet another variant of the Mirai botnet has appeared on the scene, but this one has a twist: The code is integrated with at least three exploits that target unpatched IoT devices, including closed-circuit cameras and Netgear routers. It also has ties to a web of other botnets, made for DDoS attacks, which can all be traced back to one threat actor.
The original Mirai used traditional brute-force attempts to gain access to connected things in order to enslave them, but the Wicked Botnet, na...