Details of VAR-201612-0015

ID

VAR-201612-0015

CVE

CVE-2016-6277

TITLE

Multiple Netgear routers are vulnerable to arbitrary command injection

Trust: 0.8

sources: CERT/CC: VU#582384

DESCRIPTION

NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/. plural NETGEAR Multiple routers have multiple vulnerabilities. Command injection (CWE-77) - CVE-2016-6277 The problem of lack of authentication for important functions (CWE-306) Cross-site request forgery (CWE-352) NETGEAR Multiple routers made by the company contain a command injection vulnerability. In addition, when a user who can access the product accesses a specially crafted page, URL As a result, it may be possible to execute arbitrary commands with administrator privileges of the product. CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') https://cwe.mitre.org/data/definitions/77.html CWE-306: Missing Authentication for Critical Function https://cwe.mitre.org/data/definitions/306.html CWE-352: Cross-Site Request Forgery (CSRF) https://cwe.mitre.org/data/definitions/352.htmlCrafted by a remote third party URL By accessing, an arbitrary command may be executed with the administrator authority of the product concerned. NetgearR7000 and R6400 are Netgear's wireless router products. An attacker exploits a vulnerability to execute arbitrary system commands in the context of an affected application. Netgear R6400 running firmware version 1.0.1.6_1.0.4 and prior. Netgear R8000 running firmware version 1.0.3.4_1.1.2. Security flaws exist in several NETGEAR routing products

Trust: 3.33

sources: NVD: CVE-2016-6277 // CERT/CC: VU#582384 // JVNDB: JVNDB-2016-006166 // CNVD: CNVD-2016-12093 // BID: 94819 // VULHUB: VHN-95097 // VULMON: CVE-2016-6277

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-12093

AFFECTED PRODUCTS

vendor:	netgear	model:	d6220	scope:	lte	version:	1.0.0.22	Trust: 1.0
vendor:	netgear	model:	r7300dst	scope:	lte	version:	1.0.0.46	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lte	version:	1.0.1.14	Trust: 1.0
vendor:	netgear	model:	r6250	scope:	lte	version:	1.0.4.6_10.1.12	Trust: 1.0
vendor:	netgear	model:	r6900	scope:	lte	version:	1.0.1.14	Trust: 1.0
vendor:	netgear	model:	r7100lg	scope:	lte	version:	1.0.0.28	Trust: 1.0
vendor:	netgear	model:	r7900	scope:	lte	version:	1.0.1.8	Trust: 1.0
vendor:	netgear	model:	r8000	scope:	lte	version:	1.0.3.26	Trust: 1.0
vendor:	netgear	model:	r7000	scope:	lte	version:	1.0.7.2_1.1.93	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lte	version:	1.0.1.18	Trust: 1.0
vendor:	netgear	model:	d6400	scope:	lte	version:	1.0.0.56	Trust: 1.0
vendor:	netgear	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	d6220	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	d6400	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	r6250	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	r6400	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	r6700	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	r6900	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	r7000	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	r7100lg	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	r7300dst	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	r7900	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	r8000	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	d6220	scope:	eq	version:	1.0.0.22	Trust: 0.7
vendor:	netgear	model:	d6400	scope:	eq	version:	1.0.0.56	Trust: 0.7
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.14	Trust: 0.7
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.14	Trust: 0.7
vendor:	netgear	model:	r7100lg	scope:	eq	version:	1.0.0.28	Trust: 0.7
vendor:	netgear	model:	r7300dst	scope:	eq	version:	1.0.0.46	Trust: 0.7
vendor:	netgear	model:	r7900	scope:	eq	version:	1.0.1.8	Trust: 0.7
vendor:	netgear	model:	r8000	scope:	eq	version:	1.0.3.26	Trust: 0.7
vendor:	netgear	model:	r7000	scope:	gte	version:	1.0.7.2,<=1.1.93	Trust: 0.6
vendor:	netgear	model:	r6400	scope:	gte	version:	1.0.1.6<=1.0.4	Trust: 0.6
vendor:	netgear	model:	r8000	scope:	gte	version:	1.0.3.4,<=1.1.2	Trust: 0.6
vendor:	netgear	model:	r7000	scope:	eq	version:	1.0.7.2_1.1.93	Trust: 0.6
vendor:	netgear	model:	r6250	scope:	eq	version:	1.0.4.6_10.1.12	Trust: 0.6
vendor:	netgear	model:	r8000 1.0.3.4 1.1.2	scope:	-	version:	-	Trust: 0.3
vendor:	netgear	model:	r7000 1.0.7.2 1.1.93	scope:	-	version:	-	Trust: 0.3
vendor:	netgear	model:	r6400 1.0.1.6 1.0.4	scope:	-	version:	-	Trust: 0.3
vendor:	netgear	model:	r6250	scope:	eq	version:	1.0.4.6 10.1.12	Trust: 0.1
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.1.18	Trust: 0.1
vendor:	netgear	model:	r7000	scope:	eq	version:	1.0.7.2 1.1.93	Trust: 0.1

sources: CERT/CC: VU#582384 // CNVD: CNVD-2016-12093 // VULMON: CVE-2016-6277 // BID: 94819 // JVNDB: JVNDB-2016-006166 // CNNVD: CNNVD-201612-432 // NVD: CVE-2016-6277

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2016-6277
value:	HIGH
Trust: 1.6
nvd@nist.gov:	CVE-2016-6277
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2016-12093
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201612-432
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-95097
value:	HIGH
Trust: 0.1
VULMON:	CVE-2016-6277
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-6277
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
NVD:	CVE-2016-6277
severity:	HIGH
baseScore:	9.3
vectorString:	NONE
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2016-12093
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-95097
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-6277
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2016-6277
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CERT/CC: VU#582384 // CNVD: CNVD-2016-12093 // VULHUB: VHN-95097 // VULMON: CVE-2016-6277 // JVNDB: JVNDB-2016-006166 // CNNVD: CNNVD-201612-432 // NVD: CVE-2016-6277

PROBLEMTYPE DATA

problemtype:	CWE-352	Trust: 1.9
problemtype:	CWE-77	Trust: 0.8
problemtype:	CWE-306	Trust: 0.8

sources: VULHUB: VHN-95097 // JVNDB: JVNDB-2016-006166 // NVD: CVE-2016-6277

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-432

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201612-432

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006166

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#582384 // VULHUB: VHN-95097 // VULMON: CVE-2016-6277

PATCH

title:	Security Advisory for CVE-2016-6277, PSV-2016-0245	url:	http://kb.netgear.com/000036386/CVE-2016-582384	Trust: 0.8
title:	Multiple NETGEAR Remedial measures for routing product cross-site request forgery vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103230	Trust: 0.6
title:	netgear-r7000_command_injection_exploit	url:	https://github.com/vpc435/netgear-r7000_command_injection_exploit	Trust: 0.1
title:	labs	url:	https://github.com/nixawk/labs	Trust: 0.1
title:	MS17-010	url:	https://github.com/oneplus-x/MS17-010	Trust: 0.1
title:	Cyber-Security_Collection	url:	https://github.com/RakhithJK/Cyber-Security_Collection	Trust: 0.1
title:	awesome-cyber-security	url:	https://github.com/xrkk/awesome-cyber-security	Trust: 0.1
title:	Exp101tsArchiv30thers	url:	https://github.com/nu11secur1ty/Exp101tsArchiv30thers	Trust: 0.1
title:	Windows10ExploitsArchiv30thers	url:	https://github.com/nu11secur1ty/Windows10ExploitsArchiv30thers	Trust: 0.1
title:	awesome-cve-poc	url:	https://github.com/qazbnm456/awesome-cve-poc	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/wicked-botnet-uses-passel-of-exploits-to-target-iot/132125/	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/go-based-liquorbot-adapts-cryptomining-payload-to-infected-host/	Trust: 0.1

sources: VULMON: CVE-2016-6277 // JVNDB: JVNDB-2016-006166 // CNNVD: CNNVD-201612-432

EXTERNAL IDS

db:	NVD	id:	CVE-2016-6277	Trust: 4.3
db:	EXPLOIT-DB	id:	40889	Trust: 4.0
db:	CERT/CC	id:	VU#582384	Trust: 3.7
db:	BID	id:	94819	Trust: 1.5
db:	EXPLOIT-DB	id:	41598	Trust: 1.2
db:	PACKETSTORM	id:	155712	Trust: 1.2
db:	JVN	id:	JVNVU94858949	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-006166	Trust: 0.8
db:	CNNVD	id:	CNNVD-201612-432	Trust: 0.7
db:	CNVD	id:	CNVD-2016-12093	Trust: 0.6
db:	PACKETSTORM	id:	141585	Trust: 0.1
db:	SEEBUG	id:	SSVID-92571	Trust: 0.1
db:	VULHUB	id:	VHN-95097	Trust: 0.1
db:	VULMON	id:	CVE-2016-6277	Trust: 0.1

sources: CERT/CC: VU#582384 // CNVD: CNVD-2016-12093 // VULHUB: VHN-95097 // VULMON: CVE-2016-6277 // BID: 94819 // JVNDB: JVNDB-2016-006166 // CNNVD: CNNVD-201612-432 // NVD: CVE-2016-6277

REFERENCES

url:	https://www.exploit-db.com/exploits/40889/	Trust: 4.0
url:	http://kb.netgear.com/000036386/cve-2016-582384	Trust: 3.7
url:	http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/	Trust: 3.4
url:	https://kalypto.org/research/netgear-vulnerability-expanded/	Trust: 3.4
url:	https://www.kb.cert.org/vuls/id/582384	Trust: 3.0
url:	http://www.securityfocus.com/bid/94819	Trust: 1.3
url:	https://www.exploit-db.com/exploits/41598/	Trust: 1.3
url:	http://packetstormsecurity.com/files/155712/netgear-r6400-remote-code-execution.html	Trust: 1.2
url:	https://cwe.mitre.org/data/definitions/77.html	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6277	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu94858949	Trust: 0.8
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6277	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/352.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

CREDITS

Chad Dougherty

Trust: 0.3

sources: BID: 94819

SOURCES

db:	CERT/CC	id:	VU#582384
db:	CNVD	id:	CNVD-2016-12093
db:	VULHUB	id:	VHN-95097
db:	VULMON	id:	CVE-2016-6277
db:	BID	id:	94819
db:	JVNDB	id:	JVNDB-2016-006166
db:	CNNVD	id:	CNNVD-201612-432
db:	NVD	id:	CVE-2016-6277

LAST UPDATE DATE

2024-09-09T23:07:10.080000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#582384	date:	2017-01-03T00:00:00
db:	CNVD	id:	CNVD-2016-12093	date:	2016-12-12T00:00:00
db:	VULHUB	id:	VHN-95097	date:	2017-08-16T00:00:00
db:	VULMON	id:	CVE-2016-6277	date:	2017-08-16T00:00:00
db:	BID	id:	94819	date:	2017-01-12T01:04:00
db:	JVNDB	id:	JVNDB-2016-006166	date:	2016-12-27T00:00:00
db:	CNNVD	id:	CNNVD-201612-432	date:	2019-11-22T00:00:00
db:	NVD	id:	CVE-2016-6277	date:	2024-07-16T17:43:58.997

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#582384	date:	2016-12-09T00:00:00
db:	CNVD	id:	CNVD-2016-12093	date:	2016-12-09T00:00:00
db:	VULHUB	id:	VHN-95097	date:	2016-12-14T00:00:00
db:	VULMON	id:	CVE-2016-6277	date:	2016-12-14T00:00:00
db:	BID	id:	94819	date:	2016-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2016-006166	date:	2016-12-13T00:00:00
db:	CNNVD	id:	CNNVD-201612-432	date:	2016-12-15T00:00:00
db:	NVD	id:	CVE-2016-6277	date:	2016-12-14T16:59:00.350