NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
References
Link | Resource |
---|---|
http://kb.netgear.com/000036386/CVE-2016-582384 | Patch Vendor Advisory |
http://packetstormsecurity.com/files/155712/Netgear-R6400-Remote-Code-Execution.html | |
http://www.securityfocus.com/bid/94819 | |
http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/ | Mitigation Third Party Advisory |
https://kalypto.org/research/netgear-vulnerability-expanded/ | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/40889/ | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/41598/ | |
https://www.kb.cert.org/vuls/id/582384 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2016-12-14T16:00:00
Updated: 2019-12-17T17:06:02
Reserved: 2016-07-22T00:00:00
Link: CVE-2016-6277
JSON object: View
NVD Information
Status : Modified
Published: 2016-12-14T16:59:00.350
Modified: 2017-08-16T01:29:10.057
Link: CVE-2016-6277
JSON object: View
Redhat Information
No data.
CWE