Vulnerability Note VU#582384 – Multiple Netgear routers are vulnerable to arbitrary command injection

R6200, R6250, R6400, R6700, R6900, R7000, R7100LG, R7300, R7900, R8000, D6220, D6400, and D7000 contain an unauthenticated command injection vulnerability that may be executed directly or via cross-domain requests. Known affected firmware versions include Netgear R7000 version 1.0.7.2_1.1.93, R6400 version 1.0.1.12_1.0.11, and R8000 version 1.0.3.4_1.1.2. Earlier versions may also be affected. The command injection vulnerability has been assigned CVE-2016-6277.

https://www.kb.cert.org/vuls/id/582384

~ by Nick on December 17, 2016.