.. / CVE-2016-6277

Exploit for NETGEAR Routers - Remote Code Execution (CVE-2016-6277)

Description:

NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.

Nuclei Template

View the template here CVE-2016-6277.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2016/CVE-2016-6277.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2016-6277
http://kb.netgear.com/000036386/CVE-2016-582384
http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
https://www.kb.cert.org/vuls/id/582384
https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/

.. / CVE-2016-6277 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for NETGEAR Routers - Remote Code Execution (CVE-2016-6277)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2016-6277