var-201612-0228
Vulnerability from variot
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6277. Reason: This candidate was withdrawn by its CNA. Notes: All CVE users should reference CVE-2016-6277 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Netgear R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, and D6400 routers and possibly other models are vulnerable to arbitrary command injection. Multiple Netgear Routers are prone to a remote command-injection vulnerability. Successfully exploiting this issue may allow an attacker to inject and execute arbitrary commands in the context of the affected device. Netgear R6400 running firmware version 1.0.1.6_1.0.4 and prior. Netgear R8000 running firmware version 1.0.3.4_1.1.2. Security flaws exist in several NETGEAR routing products. An attacker can exploit this vulnerability to execute arbitrary code with the help of shell metacharacters
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201612-0228",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netgear",
"version": null
},
{
"model": "r8000 1.0.3.4 1.1.2",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
},
{
"model": "r7000 1.0.7.2 1.1.93",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
},
{
"model": "r6400 1.0.1.6 1.0.4",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#582384"
},
{
"db": "BID",
"id": "94819"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chad Dougherty",
"sources": [
{
"db": "BID",
"id": "94819"
}
],
"trust": 0.3
},
"cve": "CVE-2016-582384",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 9.3,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 7.0,
"exploitability": "HIGH",
"exploitabilityScore": 8.6,
"id": "CVE-2016-6277",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-95097",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-6277",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-95097",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#582384"
},
{
"db": "VULHUB",
"id": "VHN-95097"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6277. Reason: This candidate was withdrawn by its CNA. Notes: All CVE users should reference CVE-2016-6277 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Netgear R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, and D6400 routers and possibly other models are vulnerable to arbitrary command injection. Multiple Netgear Routers are prone to a remote command-injection vulnerability. \nSuccessfully exploiting this issue may allow an attacker to inject and execute arbitrary commands in the context of the affected device. \nNetgear R6400 running firmware version 1.0.1.6_1.0.4 and prior. \nNetgear R8000 running firmware version 1.0.3.4_1.1.2. Security flaws exist in several NETGEAR routing products. An attacker can exploit this vulnerability to execute arbitrary code with the help of shell metacharacters",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-582384"
},
{
"db": "CERT/CC",
"id": "VU#582384"
},
{
"db": "BID",
"id": "94819"
},
{
"db": "VULHUB",
"id": "VHN-94643"
},
{
"db": "VULHUB",
"id": "VHN-95097"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/582384",
"trust": 0.8,
"type": "unknown"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-95097",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#582384"
},
{
"db": "VULHUB",
"id": "VHN-95097"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-582384",
"trust": 2.3
},
{
"db": "CERT/CC",
"id": "VU#582384",
"trust": 1.2
},
{
"db": "EXPLOIT-DB",
"id": "40889",
"trust": 0.9
},
{
"db": "BID",
"id": "94819",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-94643",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "41598",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155712",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141585",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-92571",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201612-432",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-95097",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#582384"
},
{
"db": "VULHUB",
"id": "VHN-94643"
},
{
"db": "VULHUB",
"id": "VHN-95097"
},
{
"db": "BID",
"id": "94819"
},
{
"db": "NVD",
"id": "CVE-2016-582384"
}
]
},
"id": "VAR-201612-0228",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94643"
},
{
"db": "VULHUB",
"id": "VHN-95097"
}
],
"trust": 1.012499975
},
"last_update_date": "2024-09-09T23:07:10.052000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95097"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://kb.netgear.com/000036386/cve-2016-582384"
},
{
"trust": 0.9,
"url": "https://www.exploit-db.com/exploits/40889/"
},
{
"trust": 0.9,
"url": "http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/"
},
{
"trust": 0.9,
"url": "https://kalypto.org/research/netgear-vulnerability-expanded/"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.4,
"url": "http://www.kb.cert.org/vuls/id/582384"
},
{
"trust": 0.1,
"url": "http://www.securityfocus.com/bid/94819"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/41598/"
},
{
"trust": 0.1,
"url": "http://packetstormsecurity.com/files/155712/netgear-r6400-remote-code-execution.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#582384"
},
{
"db": "VULHUB",
"id": "VHN-95097"
},
{
"db": "BID",
"id": "94819"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#582384"
},
{
"db": "VULHUB",
"id": "VHN-94643"
},
{
"db": "VULHUB",
"id": "VHN-95097"
},
{
"db": "BID",
"id": "94819"
},
{
"db": "NVD",
"id": "CVE-2016-582384"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-09T00:00:00",
"db": "CERT/CC",
"id": "VU#582384"
},
{
"date": "2016-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-94643"
},
{
"date": "2016-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-95097"
},
{
"date": "2016-12-09T00:00:00",
"db": "BID",
"id": "94819"
},
{
"date": "2016-12-14T16:59:00.177000",
"db": "NVD",
"id": "CVE-2016-582384"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-03T00:00:00",
"db": "CERT/CC",
"id": "VU#582384"
},
{
"date": "2016-12-16T00:00:00",
"db": "VULHUB",
"id": "VHN-94643"
},
{
"date": "2017-08-16T00:00:00",
"db": "VULHUB",
"id": "VHN-95097"
},
{
"date": "2017-01-12T01:04:00",
"db": "BID",
"id": "94819"
},
{
"date": "2023-11-07T02:32:52.900000",
"db": "NVD",
"id": "CVE-2016-582384"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "94819"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Netgear routers are vulnerable to arbitrary command injection",
"sources": [
{
"db": "CERT/CC",
"id": "VU#582384"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "94819"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…