Russian Vulnerability Scanner Database

Back to List

CVE-2016-6277

Scores

EPSS

0.943high94.3%
0%20%40%60%80%100%

Percentile: 94.3%

CVSS

8.8high3.x
0246810

CVSS Score: 8.8/10

All CVSS Scores

CVSS 3.x
8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0
9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Description

NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

nvd

CWEs

CWE-352

Related Vulnerabilities

BDU:2023-01043

Exploits

Exploit ID: CVE-2016-6277

Source: cisa

URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Exploit ID: 40889

Source: exploitdb

URL: https://www.exploit-db.com/exploits/40889

Exploit ID: 41598

Source: exploitdb

URL: https://www.exploit-db.com/exploits/41598

Recommendations

Source: nvd

Apply an updateNetgear has released firmware updates for the affected models specified in their advisory. Users are strongly encouraged to update as soon as possible. For users unable or unwilling to apply a firmware fix, we recommend the following workarounds.Disable web serverThe very vulnerabilities that exist on affected routers may be used to temporarily disable the vulnerable web server until the device is restarted:http:///cgi-bin/;killall$IFS’httpd’Note that after performing this step, your router’s web administration not be available until the device is restarted. Please see Bas’ Blog for more details.Do not enable remote administrationEnabling remote administration allows affected routers to be exploited via direct requests from the WAN. As such, users are strongly advised to leave remote administration disabled, or disable it if is has been enabled previously.

URL: https://www.kb.cert.org/vuls/id/582384

Vulnerable Software (11)

Type: Configuration

Vendor: *

Product: d6220_firmware

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*",          "versionEndIncluding": "1.0.0.22",          "vulnerable": tr...

Source: nvd

Type: Configuration

Vendor: *

Product: d6400_firmware

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*",          "versionEndIncluding": "1.0.0.56",          "vulnerable": tr...

Source: nvd

Type: Configuration

Vendor: *

Product: r6250_firmware

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:*",          "versionEndIncluding": "1.0.4.6_10.1.12",          "vulnerab...

Source: nvd

Type: Configuration

Vendor: *

Product: r6400_firmware

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",          "versionEndIncluding": "1.0.1.18",          "vulnerable": tr...

Source: nvd

Type: Configuration

Vendor: *

Product: r6700_firmware

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",          "versionEndIncluding": "1.0.1.14",          "vulnerable": tr...

Source: nvd

Type: Configuration

Vendor: *

Product: r6900_firmware

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*",          "versionEndIncluding": "1.0.1.14",          "vulnerable": tr...

Source: nvd

Type: Configuration

Vendor: *

Product: r7000_firmware

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",          "versionEndIncluding": "1.0.7.2_1.1.93",          "vulnerabl...

Source: nvd

Type: Configuration

Vendor: *

Product: r7100lg_firmware

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*",          "versionEndIncluding": "1.0.0.28",          "vulnerable": ...

Source: nvd

Type: Configuration

Vendor: *

Product: r7300dst_firmware

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:netgear:r7300dst_firmware:*:*:*:*:*:*:*:*",          "versionEndIncluding": "1.0.0.46",          "vulnerable":...

Source: nvd

Type: Configuration

Vendor: *

Product: r7900_firmware

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*",          "versionEndIncluding": "1.0.1.8",          "vulnerable": tru...

Source: nvd

Type: Configuration

Vendor: *

Product: r8000_firmware

Operating System: * * *

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",          "versionEndIncluding": "1.0.3.26",          "vulnerable": tr...

Source: nvd

End of list