Back to CVE Browser

CVE-2016-6277

Known Exploited (CISA KEV)HIGH

8.8

CVSS Severity Score

EPSS Score80.1910%

EPSS Percentile97.20th

PublishedDec 14, 2016

Last ModifiedApr 21, 2026

Vulnerability Description

NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.

Affected Platforms (CPE)

💻

Netgear

D6220 Firmware

<= 1.0.0.22

💻

Netgear

D6400 Firmware

<= 1.0.0.56

💻

Netgear

R6250 Firmware

<= 1.0.4.6_10.1.12

💻

Netgear

R6400 Firmware

<= 1.0.1.18

💻

Netgear

R6700 Firmware

<= 1.0.1.14

💻

Netgear

R6900 Firmware

<= 1.0.1.14

💻

Netgear

R7000 Firmware

<= 1.0.7.2_1.1.93

💻

Netgear

R7100lg Firmware

<= 1.0.0.28

💻

Netgear

R7300dst Firmware

<= 1.0.0.46

💻

Netgear

R7900 Firmware

<= 1.0.1.8

💻

Netgear

R8000 Firmware

<= 1.0.3.26

References & Advisories

🔗 http://kb.netgear.com/000036386/CVE-2016-582384

🔗 http://packetstormsecurity.com/files/155712/Netgear-R6400-Remote-Code-Execution.html

🔗 http://www.securityfocus.com/bid/94819

🔗 http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/

🔗 https://kalypto.org/research/netgear-vulnerability-expanded/

🔗 https://www.exploit-db.com/exploits/40889/

🔗 https://www.exploit-db.com/exploits/41598/

🔗 https://www.kb.cert.org/vuls/id/582384

Related Vulnerabilities

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...

CVE-2026-121895.3

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzm...

CVE-2026-121886.3

A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules...