Sign-up

ID

VAR-201612-0228


CVE

CVE-2016-582384


TITLE

Multiple Netgear routers are vulnerable to arbitrary command injection

Trust: 0.8

sources: CERT/CC: VU#582384

DESCRIPTION

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6277. Reason: This candidate was withdrawn by its CNA. Notes: All CVE users should reference CVE-2016-6277 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Netgear R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, and D6400 routers and possibly other models are vulnerable to arbitrary command injection. Multiple Netgear Routers are prone to a remote command-injection vulnerability. Successfully exploiting this issue may allow an attacker to inject and execute arbitrary commands in the context of the affected device. Netgear R6400 running firmware version 1.0.1.6_1.0.4 and prior. Netgear R8000 running firmware version 1.0.3.4_1.1.2. Security flaws exist in several NETGEAR routing products. An attacker can exploit this vulnerability to execute arbitrary code with the help of shell metacharacters

Trust: 2.07

sources: NVD: CVE-2016-582384 // CERT/CC: VU#582384 // BID: 94819 // VULHUB: VHN-94643 // VULHUB: VHN-95097

AFFECTED PRODUCTS

vendor:netgearmodel: - scope: - version: -

Trust: 0.8

vendor:netgearmodel:r8000 1.0.3.4 1.1.2scope: - version: -

Trust: 0.3

vendor:netgearmodel:r7000 1.0.7.2 1.1.93scope: - version: -

Trust: 0.3

vendor:netgearmodel:r6400 1.0.1.6 1.0.4scope: - version: -

Trust: 0.3

sources: CERT/CC: VU#582384 // BID: 94819

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-6277
value: HIGH

Trust: 0.8

VULHUB: VHN-95097
value: HIGH

Trust: 0.1

NVD: CVE-2016-6277
severity: HIGH
baseScore: 9.3
vectorString: NONE
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-95097
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#582384 // VULHUB: VHN-95097

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 0.1

sources: VULHUB: VHN-95097

THREAT TYPE

network

Trust: 0.3

sources: BID: 94819

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 94819

EXPLOIT AVAILABILITY

sources:
            
            
            CERT/CC: VU#582384 // 
            
            
            
            VULHUB: VHN-95097

EXTERNAL IDS
db:NVDid:CVE-2016-582384
Trust: 2.3
db:CERT/CCid:VU#582384
Trust: 1.2
db:EXPLOIT-DBid:40889
Trust: 0.9
db:BIDid:94819
Trust: 0.4
db:VULHUBid:VHN-94643
Trust: 0.1
db:EXPLOIT-DBid:41598
Trust: 0.1
db:PACKETSTORMid:155712
Trust: 0.1
db:PACKETSTORMid:141585
Trust: 0.1
db:SEEBUGid:SSVID-92571
Trust: 0.1
db:CNNVDid:CNNVD-201612-432
Trust: 0.1
db:VULHUBid:VHN-95097
Trust: 0.1
sources:
            
            
            CERT/CC: VU#582384 // 
            
            
            
            VULHUB: VHN-94643 // 
            
            
            
            VULHUB: VHN-95097 // 
            
            
            
            BID: 94819 // 
            
            
            
            NVD: CVE-2016-582384

REFERENCES
url:http://kb.netgear.com/000036386/cve-2016-582384
Trust: 2.0
url:https://www.exploit-db.com/exploits/40889/
Trust: 0.9
url:http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
Trust: 0.9
url:https://kalypto.org/research/netgear-vulnerability-expanded/
Trust: 0.9
url:https://cwe.mitre.org/data/definitions/77.html
Trust: 0.8
url:http://www.kb.cert.org/vuls/id/582384
Trust: 0.4
url:http://www.securityfocus.com/bid/94819
Trust: 0.1
url:https://www.exploit-db.com/exploits/41598/
Trust: 0.1
url:http://packetstormsecurity.com/files/155712/netgear-r6400-remote-code-execution.html
Trust: 0.1
sources:
            
            
            CERT/CC: VU#582384 // 
            
            
            
            VULHUB: VHN-95097 // 
            
            
            
            BID: 94819

CREDITS
Chad Dougherty
Trust: 0.3
sources:
            
            
            BID: 94819

SOURCES
db:CERT/CCid:VU#582384
db:VULHUBid:VHN-94643
db:VULHUBid:VHN-95097
db:BIDid:94819
db:NVDid:CVE-2016-582384

LAST UPDATE DATE
2024-09-09T23:07:10.052000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#582384date:2017-01-03T00:00:00
db:VULHUBid:VHN-94643date:2016-12-16T00:00:00
db:VULHUBid:VHN-95097date:2017-08-16T00:00:00
db:BIDid:94819date:2017-01-12T01:04:00
db:NVDid:CVE-2016-582384date:2023-11-07T02:32:52.900

SOURCES RELEASE DATE
db:CERT/CCid:VU#582384date:2016-12-09T00:00:00
db:VULHUBid:VHN-94643date:2016-12-14T00:00:00
db:VULHUBid:VHN-95097date:2016-12-14T00:00:00
db:BIDid:94819date:2016-12-09T00:00:00
db:NVDid:CVE-2016-582384date:2016-12-14T16:59:00.177