CVE-2016-6277
HIGH · KEV · NUCLEI
NETGEAR - RCE
Title source: llm
Description
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby · remote · cgi
https://www.exploit-db.com/exploits/41598
exploitdb
WORKING POC
VERIFIED
by Acew0rm · text · webapps · cgi
https://www.exploit-db.com/exploits/40889
metasploit
WORKING POC
EXCELLENT
by thecarterb, Acew0rm · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/netgear_r7000_cgibin_exec.rb
Nuclei Templates (1)
NETGEAR Routers - Remote Code Execution
HIGH · by pikpikcu
References (9)
Scores
CVSS v3: 8.8
EPSS: 0.9433
EPSS Percentile: 100.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CISA KEV: 2022-03-07
VulnCheck KEV: 2018-03-01
InTheWild.io: 2022-03-07
ENISA EUVD: EUVD-2016-7207
CWE: CWE-352
Status: published
Products (11)
netgear/d6220_firmware < 1.0.0.22
netgear/d6400_firmware < 1.0.0.56
netgear/r6250_firmware < 1.0.4.6_10.1.12
netgear/r6400_firmware < 1.0.1.18
netgear/r6700_firmware < 1.0.1.14
netgear/r6900_firmware < 1.0.1.14
netgear/r7000_firmware < 1.0.7.2_1.1.93
netgear/r7100lg_firmware < 1.0.0.28
netgear/r7300dst_firmware < 1.0.0.46
netgear/r7900_firmware < 1.0.1.8
... and 1 more
Published: Dec 14, 2016
KEV Added: Mar 07, 2022
Tracked Since: Feb 18, 2026