Vulnerability Note VU#582384
Multiple Netgear routers are vulnerable to arbitrary command injection
Overview
Netgear R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, and D6400 routers and possibly other models are vulnerable to arbitrary command injection.
Description
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'), CWE-306: Missing Authentication for Critical Function, and CWE-352: Cross-Site Request Forgery (CSRF) R6250, R6400, R6700, R6900, R7000, R7100LG, R7300, R7900, R8000, D6220, and D6400 contain an unauthenticated command injection vulnerability that may be executed directly or via cross-domain requests. Known affected firmware versions include Netgear R7000 version 1.0.7.2_1.1.93, R6400 version 1.0.1.12_1.0.11, and R8000 version 1.0.3.4_1.1.2. Earlier versions may also be affected. The command injection vulnerability has been assigned CVE-2016-6277. |
Impact
By convincing a user to visit a specially crafted web site, a remote unauthenticated attacker may execute arbitrary commands with root privileges on affected routers. |
Solution
Apply an update |
Disable web server |
Vendor Information (Learn More)
Vendor | Status | Date Notified | Date Updated |
---|---|---|---|
Netgear, Inc. | Affected | 09 Dec 2016 | 11 Dec 2016 |
CVSS Metrics (Learn More)
Group | Score | Vector |
---|---|---|
Base | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Temporal | 9.3 | E:H/RL:U/RC:C |
Environmental | 7.0 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
- http://kb.netgear.com/000036386/CVE-2016-582384
- https://www.exploit-db.com/exploits/40889/
- https://cwe.mitre.org/data/definitions/77.html
- http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
- https://kalypto.org/research/netgear-vulnerability-expanded/
Credit
Thanks to Chad Dougherty for alerting us to this vulnerability.
This document was written by Joel Land.
Other Information
- CVE IDs: CVE-2016-6277
- Date Public: 07 Dec 2016
- Date First Published: 09 Dec 2016
- Date Last Updated: 03 Jan 2017
- Document Revision: 65
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.