PT-2016-6697 · NetGear · D6220+11

Published 2016-12-14 · Updated 2025-01-22 · CVE-2016-582384

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

NETGEAR R6250 versions 1.0.0 through 1.0.4.6.Beta
NETGEAR R6400 versions 1.0.0 through 1.0.1.18.Beta
NETGEAR R6700 versions 1.0.0 through 1.0.1.14.Beta
NETGEAR R6900 version 1.0.0
NETGEAR R7000 versions 1.0.0 through 1.0.7.6.Beta
NETGEAR R7100LG versions 1.0.0 through 1.0.0.28.Beta
NETGEAR R7300DST versions 1.0.0 through 1.0.0.46.Beta
NETGEAR R7900 versions 1.0.0 through 1.0.1.8.Beta
NETGEAR R8000 versions 1.0.0 through 1.0.3.26.Beta
NETGEAR D6220 version 1.0.0
NETGEAR D6400 version 1.0.0
NETGEAR D7000 version 1.0.0

Description

The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the path info to "cgi-bin/".

Recommendations

For NETGEAR R6250 versions 1.0.0 through 1.0.4.6.Beta, update to version 1.0.4.6.Beta or later.
For NETGEAR R6400 versions 1.0.0 through 1.0.1.18.Beta, update to version 1.0.1.18.Beta or later.
For NETGEAR R6700 versions 1.0.0 through 1.0.1.14.Beta, update to version 1.0.1.14.Beta or later.
For NETGEAR R6900 version 1.0.0, update to a newer version.
For NETGEAR R7000 versions 1.0.0 through 1.0.7.6.Beta, update to version 1.0.7.6.Beta or later.
For NETGEAR R7100LG versions 1.0.0 through 1.0.0.28.Beta, update to version 1.0.0.28.Beta or later.
For NETGEAR R7300DST versions 1.0.0 through 1.0.0.46.Beta, update to version 1.0.0.46.Beta or later.
For NETGEAR R7900 versions 1.0.0 through 1.0.1.8.Beta, update to version 1.0.1.8.Beta or later.
For NETGEAR R8000 versions 1.0.0 through 1.0.3.26.Beta, update to version 1.0.3.26.Beta or later.
For NETGEAR D6220 version 1.0.0, update to a newer version.
For NETGEAR D6400 version 1.0.0, update to a newer version.
For NETGEAR D7000 version 1.0.0, update to a newer version.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

BDU:2023-01043
CVE-2016-582384

Affected Products

D6220
D6400
D7000
R6250
R6400
R6700
R6900
R7000
R7100LG
R7300DST
R7900
R8000