CVE-2016-6277: NETGEAR Multiple Routers Remote Code Execution Vulnerability
First published: Wed Dec 14 2016(Updated: )
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgear D6220 Firmware | <=1.0.0.22 | |
| NETGEAR R6400v2 | <=1.0.0.56 | |
| netgear R6250 Firmware | <=1.0.4.6_10.1.12 | |
| Netgear R6400 Firmware | <=1.0.1.18 | |
| Netgear R6700 Firmware | <=1.0.1.14 | |
| Netgear R6900 Firmware | <=1.0.1.14 | |
| Netgear R7000 Firmware | <=1.0.7.2_1.1.93 | |
| Netgear R7100lg Firmware | <=1.0.0.28 | |
| Netgear R7300dst Firmware | <=1.0.0.46 | |
| Netgear R7900 Firmware | <=1.0.1.8 | |
| Netgear R8000 Firmware | <=1.0.3.26 | |
| NETGEAR D6220 | ||
| Netgear D6400 | ||
| NETGEAR R6250 | ||
| NETGEAR R6400 | ||
| NETGEAR R6700 | ||
| Netgear R6900 | ||
| NETGEAR R7000 | ||
| Netgear R7100LG | ||
| Netgear R7300dst | ||
| Netgear R7900 | ||
| NETGEAR R8000 | ||
| All of | ||
| Netgear D6220 Firmware | <=1.0.0.22 | |
| NETGEAR D6220 | ||
| All of | ||
| Netgear D6400 Firmware | <=1.0.0.56 | |
| Netgear D6400 | ||
| All of | ||
| netgear R6250 Firmware | <=1.0.4.6_10.1.12 | |
| NETGEAR R6250 | ||
| All of | ||
| Netgear R6400 Firmware | <=1.0.1.18 | |
| NETGEAR R6400 | ||
| All of | ||
| Netgear R6700 Firmware | <=1.0.1.14 | |
| NETGEAR R6700 | ||
| All of | ||
| Netgear R6900 Firmware | <=1.0.1.14 | |
| Netgear R6900 | ||
| All of | ||
| Netgear R7000 Firmware | <=1.0.7.2_1.1.93 | |
| NETGEAR R7000 | ||
| All of | ||
| Netgear R7100lg Firmware | <=1.0.0.28 | |
| Netgear R7100LG | ||
| All of | ||
| Netgear R7300dst Firmware | <=1.0.0.46 | |
| Netgear R7300dst | ||
| All of | ||
| Netgear R7900 Firmware | <=1.0.1.8 | |
| Netgear R7900 | ||
| All of | ||
| Netgear R8000 Firmware | <=1.0.3.26 | |
| NETGEAR R8000 | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://kb.netgear.com/000036386/CVE-2016-582384
- http://packetstormsecurity.com/files/155712/Netgear-R6400-Remote-Code-Execution.html
- http://www.securityfocus.com/bid/94819
- http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
- https://kalypto.org/research/netgear-vulnerability-expanded/
- https://www.exploit-db.com/exploits/40889/
- https://www.exploit-db.com/exploits/41598/
- https://www.kb.cert.org/vuls/id/582384
- https://nvd.nist.gov/vuln/detail/CVE-2016-6277
- collector/nvd-index
- agent/type
- agent/description
- agent/title
- agent/remedy
- agent/weakness
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/references
- agent/softwarecombine
- agent/event
- agent/tags
- collector/nvd-cve
- vendor/netgear
- canonical/netgear d6220 firmware
- version/netgear d6220 firmware/1.0.0.22
- canonical/netgear r6400v2
- version/netgear r6400v2/1.0.0.56
- canonical/netgear r6250 firmware
- version/netgear r6250 firmware/1.0.4.6_10.1.12
- canonical/netgear r6400 firmware
- version/netgear r6400 firmware/1.0.1.18
- canonical/netgear r6700 firmware
- version/netgear r6700 firmware/1.0.1.14
- canonical/netgear r6900 firmware
- version/netgear r6900 firmware/1.0.1.14
- canonical/netgear r7000 firmware
- version/netgear r7000 firmware/1.0.7.2_1.1.93
- canonical/netgear r7100lg firmware
- version/netgear r7100lg firmware/1.0.0.28
- canonical/netgear r7300dst firmware
- version/netgear r7300dst firmware/1.0.0.46
- canonical/netgear r7900 firmware
- version/netgear r7900 firmware/1.0.1.8
- canonical/netgear r8000 firmware
- version/netgear r8000 firmware/1.0.3.26
- canonical/netgear d6220
- canonical/netgear d6400
- canonical/netgear r6250
- canonical/netgear r6400
- canonical/netgear r6700
- canonical/netgear r6900
- canonical/netgear r7000
- canonical/netgear r7100lg
- canonical/netgear r7300dst
- canonical/netgear r7900
- canonical/netgear r8000
- canonical/netgear d6400 firmware
- version/netgear d6400 firmware/1.0.0.56
- canonical/netgear multiple routers