CVE-2016-6277 : NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.

NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.

Published 2016-12-14 16:59:00

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2016-6277

Netgear » R6400 Firmware
Versions up to, including, (<=) 1.0.1.18
cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6400 » Version: N/A
Netgear » R6700 Firmware
Versions up to, including, (<=) 1.0.1.14
cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6700 » Version: N/A
Netgear » R6900 Firmware
Versions up to, including, (<=) 1.0.1.14
cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6900 » Version: N/A
Netgear » R7000 Firmware
Versions up to, including, (<=) 1.0.7.2_1.1.93
cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7000 » Version: N/A
Netgear » R7100lg Firmware
Versions up to, including, (<=) 1.0.0.28
cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7100lg » Version: N/A
Netgear » R7300dst Firmware
Versions up to, including, (<=) 1.0.0.46
cpe:2.3:o:netgear:r7300dst_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7300dst » Version: N/A
Netgear » R7900 Firmware
Versions up to, including, (<=) 1.0.1.8
cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7900 » Version: N/A
Netgear » R8000 Firmware
Versions up to, including, (<=) 1.0.3.26
cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R8000 » Version: N/A
Netgear » D6220 Firmware
Versions up to, including, (<=) 1.0.0.22
cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D6220 » Version: N/A
Netgear » D6400 Firmware
Versions up to, including, (<=) 1.0.0.56
cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D6400 » Version: N/A
Netgear » R6250 Firmware
Versions up to, including, (<=) 1.0.4.6_10.1.12
cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6250 » Version: N/A

CVE-2016-6277 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:

NETGEAR Multiple Routers Remote Code Execution Vulnerability

CISA required action:

Apply updates per vendor instructions.

CISA description:

NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution.

Notes:

https://nvd.nist.gov/vuln/detail/CVE-2016-6277

Added on 2022-03-07 Action due date 2022-09-07

Exploit prediction scoring system (EPSS) score for CVE-2016-6277

EPSS FAQ

94.30%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 100 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2016-6277

Netgear R7000 and R6400 cgi-bin Command Injection

Disclosure Date: 2016-12-06

First seen: 2020-04-26

exploit/linux/http/netgear_r7000_cgibin_exec

This module exploits an arbitrary command injection vulnerability in Netgear R7000 and R6400 router firmware version 1.0.7.2_1.1.93 and possibly earlier. Authors: - thecarterb - Acew0rm

More information

CVSS scores for CVE-2016-6277

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-02-04
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST	2024-07-16
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-6277

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2016-6277

https://www.exploit-db.com/exploits/41598/

NETGEAR R7000 / R6400 - 'cgi-bin' Command Injection (Metasploit)
Exploit;Third Party Advisory;VDB Entry
https://www.exploit-db.com/exploits/40889/

NETGEAR R7000 - Command Injection
Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/94819

Multiple Netgear Routers VU#582384 Remote Command Injection Vulnerability
Broken Link;Third Party Advisory;VDB Entry
https://kalypto.org/research/netgear-vulnerability-expanded/

NetGear Vulnerability Expanded | KALYPTO (IN)SECURITY
Broken Link;Exploit;Third Party Advisory
https://www.kb.cert.org/vuls/id/582384

VU#582384 - Multiple Netgear routers are vulnerable to arbitrary command injection
Third Party Advisory;US Government Resource
http://kb.netgear.com/000036386/CVE-2016-582384

Security Advisory for CVE-2016-6277, PSV-2016-0245 | Answer | NETGEAR Support
Patch;Vendor Advisory
http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/

A temporary fix for CERT VU#582384 vulnerability for various Netgear routers (including R6400, R7000, R8000 and similar) | Bas' Blog
Broken Link;Mitigation;Third Party Advisory
http://packetstormsecurity.com/files/155712/Netgear-R6400-Remote-Code-Execution.html

Netgear R6400 Remote Code Execution ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2016-6277