NVD - Detail

National Cyber Awareness System

Vulnerability Summary for CVE-2016-6277

Original release date: 12/14/2016

Last revised: 12/23/2016

Source: US-CERT/NIST

Modified

This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.

Overview

NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.

Impact

CVSS Severity (version 3.0):

CVSS v3 Base Score: 8.8 High

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

CVSS Version 3 Metrics:

Attack Vector (AV): Network

Attack Complexity (AC): Low

Privileges Required (PR): None

User Interaction (UI): Required

Scope (S): Unchanged

Confidentiality (C): High

Integrity (I): High

Availability (A): High

CVSS Severity (version 2.0):

CVSS v2 Base Score: 9.3 HIGH

Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) (legend)

Impact Subscore: 10.0

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable - Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: MISC

Name: https://kalypto.org/research/netgear-vulnerability-expanded/

Type: Exploit; Third Party Advisory

Hyperlink: https://kalypto.org/research/netgear-vulnerability-expanded/

External Source: EXPLOIT-DB

Name: 40889

Type: Exploit; Third Party Advisory; VDB Entry

Hyperlink: https://www.exploit-db.com/exploits/40889/

External Source: CONFIRM

Name: http://kb.netgear.com/000036386/CVE-2016-582384

Type: Patch; Vendor Advisory

Hyperlink: http://kb.netgear.com/000036386/CVE-2016-582384

External Source: MISC

Name: http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/

Type: Mitigation; Third Party Advisory

Hyperlink: http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/

External Source: CERT-VN

Name: VU#582384

Type: Third Party Advisory; US Government Resource

Hyperlink: https://www.kb.cert.org/vuls/id/582384

External Source: BID

Name: 94819

Hyperlink: http://www.securityfocus.com/bid/94819

Vulnerable software and versions

* Denotes Vulnerable Software
Changes related to vulnerability configurations

Technical Details

Vulnerability Type (View All)

Cross-Site Request Forgery (CSRF) (CWE-352)

CVE Standard Vulnerability Entry http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6277

Change History 2 change records found - show changes

CVE Modified by MITRE - 12/23/2016 9:59:42 PM
Action	Type	Old Value	New Value
Changed	Reference Type	http://kb.netgear.com/000036386/CVE-2016-582384 Patch, Vendor Advisory	http://kb.netgear.com/000036386/CVE-2016-582384 Vendor Advisory, Patch
Changed	Reference Type	https://kalypto.org/research/netgear-vulnerability-expanded/ Exploit, Third Party Advisory	https://kalypto.org/research/netgear-vulnerability-expanded/ Third Party Advisory, Exploit
Added	Reference		http://www.securityfocus.com/bid/94819 [No Types Assigned]
Changed	Reference Type	https://www.exploit-db.com/exploits/40889/ Exploit, Third Party Advisory, VDB Entry	https://www.exploit-db.com/exploits/40889/ Third Party Advisory, VDB Entry, Exploit

Initial Analysis - 12/22/2016 11:17:44 AM
Action	Type	Old Value	New Value
Added	CVSS V2		(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Added	CVSS V3		AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Changed	Reference Type	http://kb.netgear.com/000036386/CVE-2016-582384 No Types Assigned	http://kb.netgear.com/000036386/CVE-2016-582384 Vendor Advisory, Patch
Added	CPE Configuration		Record truncated, showing 500 of 1493 characters. View Entire Change Record AND OR cpe:2.3:o:netgear:d6220_firmware:1.0.0.22::::::: (and previous) cpe:2.3:o:netgear:d6400_firmware:1.0.0.56::::::: (and previous) cpe:2.3:o:netgear:r6250_firmware:1.0.4.6_10.1.12::::::: (and previous) cpe:2.3:o:netgear:r6400_firmware:1.0.1.18::::::: (and previous) cpe:2.3:o:netgear:r6700_firmware:1.0.1.14::::::: (and previous) cpe:2.3:o:netgear:r6900_firmware:1.0.1.14::::::: (and
Changed	Reference Type	https://www.kb.cert.org/vuls/id/582384 No Types Assigned	https://www.kb.cert.org/vuls/id/582384 Third Party Advisory, US Government Resource
Added	CWE		CWE-352
Changed	Reference Type	https://kalypto.org/research/netgear-vulnerability-expanded/ No Types Assigned	https://kalypto.org/research/netgear-vulnerability-expanded/ Third Party Advisory, Exploit
Changed	Reference Type	http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/ No Types Assigned	http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/ Mitigation, Third Party Advisory
Changed	Reference Type	https://www.exploit-db.com/exploits/40889/ No Types Assigned	https://www.exploit-db.com/exploits/40889/ Third Party Advisory, VDB Entry, Exploit

View Entire Change Record

You are viewing this page in an unauthorized frame window.