CVE-2016-6277

Published: Dec 14, 2016Modified: Apr 21, 2026CISA KEV

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.

Affected (11)

Products: Netgear: D6220 Firmware, D6400 Firmware, R6250 Firmware, R6400 Firmware, R6700 Firmware, R6900 Firmware, R7000 Firmware, R7100lg Firmware, R7300dst Firmware, R7900 Firmware, R8000 Firmware

11 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D6220 Firmware	Up to 1.0.0.22

Running on/with	Platform Versions
Netgear D6220	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D6400 Firmware	Up to 1.0.0.56

Running on/with	Platform Versions
Netgear D6400	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6250 Firmware	Up to 1.0.4.6_10.1.12

Running on/with	Platform Versions
Netgear R6250	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6400 Firmware	Up to 1.0.1.18

Running on/with	Platform Versions
Netgear R6400	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6700 Firmware	Up to 1.0.1.14

Running on/with	Platform Versions
Netgear R6700	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6900 Firmware	Up to 1.0.1.14

Running on/with	Platform Versions
Netgear R6900	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7000 Firmware	Up to 1.0.7.2_1.1.93

Running on/with	Platform Versions
Netgear R7000	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7100lg Firmware	Up to 1.0.0.28

Running on/with	Platform Versions
Netgear R7100lg	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7300dst Firmware	Up to 1.0.0.46

Running on/with	Platform Versions
Netgear R7300dst	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7900 Firmware	Up to 1.0.1.8

Running on/with	Platform Versions
Netgear R7900	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R8000 Firmware	Up to 1.0.3.26

Running on/with	Platform Versions
Netgear R8000	All versions

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (17)

http://kb.netgear.com/000036386/CVE-2016-582384

Source: cve@mitre.org

PatchVendor Advisory

http://packetstormsecurity.com/files/155712/Netgear-R6400-Remote-Code-Execution.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/94819

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/

Source: cve@mitre.org

Broken LinkMitigationThird Party Advisory

https://kalypto.org/research/netgear-vulnerability-expanded/

Source: cve@mitre.org

Broken LinkExploitThird Party Advisory

https://www.exploit-db.com/exploits/40889/

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/41598/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.kb.cert.org/vuls/id/582384

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://kb.netgear.com/000036386/CVE-2016-582384