CVE-2016-6277 PoC — 多款NETGEAR路由产品跨站请求伪造漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2016/CVE-2016-6277.yaml

Associated Vulnerability

Title:多款NETGEAR路由产品跨站请求伪造漏洞 (CVE-2016-6277)
Description:NETGEAR R6250等都是美国网件（NETGEAR）公司的一款无线路由器。多款NETGEAR路由产品中存在安全漏洞。攻击者可借助shell元字符利用该漏洞执行任意代码。以下产品受到影响：Netgear R6250 1.0.4.6.Beta之前的版本，R6400 1.0.1.18.Beta之前的版本，R6700 1.0.1.14.Beta之前的版本，R6900 1.0.7.6.Beta之前的版本，R7000 1.0.7.6.Beta之前的版本，R7100LG 1.0.0.28.Beta之前的版本，R

Description

NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.

File Snapshot


 id: CVE-2016-6277

info:
  name: NETGEAR Routers - Remote Code Execution
  author: pikpikcu
  severi

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!