8.8 CVE-2016-6277
CISA KEV Catalog | CSRF | Used by Malware | Patch | Exploit
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
https://nvd.nist.gov/vuln/detail/CVE-2016-6277
Categories
CWE-352 : Cross-Site Request Forgery (CSRF)
When a web server is designed to receive a request from a client without any mechanism for verifying that it was intentionally sent, then it might be possible for an attacker to trick a client into making an unintentional request to the web server which will be treated as an authentic request. This can be done via a URL, image load, XMLHttpRequest, etc. and can result in exposure of data or unintended code execution.
References
cve@mitre.org Patch Exploit
Url | Tags |
---|---|
http://kb.netgear.com/000036386/CVE-2016-582384 | Patch, Vendor Advisory |
http://packetstormsecurity.com/files/155712/Netgear-R6400-Remote-Code-Executi... | Exploit, Third Party Advisory, VDB Entry |
http://www.securityfocus.com/bid/94819 | Broken Link, Third Party Advisory, VDB Entry |
http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r700... | Broken Link, Mitigation, Third Party Advisory |
https://kalypto.org/research/netgear-vulnerability-expanded/ | Broken Link, Exploit, Third Party Advisory |
https://www.exploit-db.com/exploits/40889/ | Third Party Advisory, VDB Entry |
https://www.exploit-db.com/exploits/41598/ | Exploit, Third Party Advisory, VDB Entry |
https://www.kb.cert.org/vuls/id/582384 | Third Party Advisory, US Government Resource |
CPE
cpe | start | end |
---|---|---|
Configuration 1 | ||
AND | ||
cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:* | <= 1.0.0.22 | |
Running on/with | ||
cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:* | ||
Configuration 2 | ||
AND | ||
cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:* | <= 1.0.0.56 | |
Running on/with | ||
cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:* | ||
Configuration 3 | ||
AND | ||
cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:* | <= 1.0.4.6_10.1.12 | |
Running on/with | ||
cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:* | ||
Configuration 4 | ||
AND | ||
cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:* | <= 1.0.1.18 | |
Running on/with | ||
cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:* | ||
Configuration 5 | ||
AND | ||
cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:* | <= 1.0.1.14 | |
Running on/with | ||
cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:* | ||
Configuration 6 | ||
AND | ||
cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:* | <= 1.0.1.14 | |
Running on/with | ||
cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:* | ||
Configuration 7 | ||
AND | ||
cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:* | <= 1.0.7.2_1.1.93 | |
Running on/with | ||
cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:* | ||
Configuration 8 | ||
AND | ||
cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:* | <= 1.0.0.28 | |
Running on/with | ||
cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:* | ||
Configuration 9 | ||
AND | ||
cpe:2.3:o:netgear:r7300dst_firmware:*:*:*:*:*:*:*:* | <= 1.0.0.46 | |
Running on/with | ||
cpe:2.3:h:netgear:r7300dst:-:*:*:*:*:*:*:* | ||
Configuration 10 | ||
AND | ||
cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:* | <= 1.0.1.8 | |
Running on/with | ||
cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:* | ||
Configuration 11 | ||
AND | ||
cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:* | <= 1.0.3.26 | |
Running on/with | ||
cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:* |
REMEDIATION
Patch
Url |
---|
http://kb.netgear.com/000036386/CVE-2016-582384 |
EXPLOITS
Exploit-db.com
id | description | date | |
---|---|---|---|
41598 | Netgear R7000 / R6400 - 'cgi-bin' Command Injection (Metasploit) | 2017-03-13 | |
40889 | Netgear R7000 - Command Injection | 2016-12-07 |
POC Github
Url |
---|
No known exploits |
Other Nist (github, ...)
Url |
---|
http://packetstormsecurity.com/files/155712/Netgear-R6400-Remote-Code-Executi... |
https://kalypto.org/research/netgear-vulnerability-expanded/ |
https://www.exploit-db.com/exploits/41598/ |
CAPEC
Common Attack Pattern Enumerations and Classifications
id | description | severity |
---|---|---|
111 | JSON Hijacking (aka JavaScript Hijacking) | High |
462 | Cross-Domain Search Timing | Medium |
467 | Cross Site Identification | Low |
62 | Cross Site Request Forgery | Very High |