Acew0rm - Security Researcher - Exploit Intelligence Platform

CVE-2016-6277 METASPLOIT HIGH ruby WORKING POC

NETGEAR D6220/D6400/R6250/R6400/R6700/R6900/R7000/R7100LG/R7300DST/R7900/R8000 Firmware - Remote Code Execution

NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.

CVSS 8.8

View Code

CVE-2016-582384 METASPLOIT ruby WORKING POC

Rejected

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6277. Reason: This candidate was withdrawn by its CNA. Notes: All CVE users should reference CVE-2016-6277 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

View Code

CVE-2016-6277 EXPLOITDB HIGH ruby WORKING POC

NETGEAR D6220/D6400/R6250/R6400/R6700/R6900/R7000/R7100LG/R7300DST/R7900/R8000 Firmware - Remote Code Execution

NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.

CVSS 8.8

View Code

CVE-2016-6277 EXPLOITDB HIGH text WORKING POC

NETGEAR D6220/D6400/R6250/R6400/R6700/R6900/R7000/R7100LG/R7300DST/R7900/R8000 Firmware - Remote Code Execution

NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.

CVSS 8.8

View Code