CVE-2016-6277
Description
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
93.986
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2016-6277, CVE-2017-18849, CVE-2017-18850 are affected in d6220_firmware 1.0.0.22 | NCM |
| Vulnerabilities CVE-2016-6277, CVE-2017-18700 are affected in d6400_firmware 1.0.0.56 | NCM |
| Vulnerabilities CVE-2016-6277, CVE-2017-18741, CVE-2017-18789 are affected in r6250_firmware 1.0.4.6_10.1.12 | NCM |
| Vulnerabilities CVE-2016-6277 are affected in r6400_firmware 1.0.1.18 | NCM |
| Vulnerabilities CVE-2016-6277 are affected in r6700_firmware 1.0.1.14 | NCM |
| Vulnerabilities CVE-2016-6277 are affected in r6900_firmware 1.0.1.14 | NCM |
| Vulnerabilities CVE-2016-6277 are affected in r7000_firmware 1.0.7.2_1.1.93 | NCM |
| Vulnerabilities CVE-2016-6277 are affected in r7100lg_firmware 1.0.0.28 | NCM |
| Vulnerabilities CVE-2016-6277 are affected in r7300dst_firmware 1.0.0.46 | NCM |
| Vulnerabilities CVE-2016-6277 are affected in r7900_firmware 1.0.1.8 | NCM |
| Vulnerabilities CVE-2016-6277 are affected in r8000_firmware 1.0.3.26 | NCM |
| Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-6277) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234