Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-582384 (GCVE-0-2016-582384)
Vulnerability from cvelistv5 – Published: 2016-12-14 16:00 – Updated: 2016-12-14 21:57
VLAI?
EPSS
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6277. Reason: This candidate was withdrawn by its CNA. Notes: All CVE users should reference CVE-2016-6277 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2016-12-14T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6277. Reason: This candidate was withdrawn by its CNA. Notes: All CVE users should reference CVE-2016-6277 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-582384",
"datePublished": "2016-12-14T16:00:00",
"dateRejected": "2016-12-14T21:57:01",
"dateReserved": "2016-12-14T00:00:00",
"dateUpdated": "2016-12-14T21:57:01",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6277. Reason: This candidate was withdrawn by its CNA. Notes: All CVE users should reference CVE-2016-6277 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage\"}]",
"id": "CVE-2016-582384",
"lastModified": "2023-11-07T02:32:52.900",
"published": "2016-12-14T16:59:00.177",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Rejected"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-582384\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-12-14T16:59:00.177\",\"lastModified\":\"2023-11-07T02:32:52.900\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6277. Reason: This candidate was withdrawn by its CNA. Notes: All CVE users should reference CVE-2016-6277 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage\"}],\"metrics\":{},\"references\":[]}}"
}
}
CERTFR-2016-AVI-430
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans les routeurs Netgear. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "R6900",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R7900",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R8000",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R6700",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "D6400",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "D6220",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R6250",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R7300DST",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R7000",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R7100LG",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R6400",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6277"
},
{
"name": "CVE-2016-582384",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-582384"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-430",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-12-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eles routeurs\nNetgear\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les routeurs Netgear",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Netgear du 24 d\u00e9cembre 2016",
"url": "http://kb.netgear.com/000036386/CVE-2016-582384"
}
]
}
CERTFR-2016-AVI-430
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans les routeurs Netgear. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "R6900",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R7900",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R8000",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R6700",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "D6400",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "D6220",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R6250",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R7300DST",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R7000",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R7100LG",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R6400",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6277"
},
{
"name": "CVE-2016-582384",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-582384"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-430",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-12-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eles routeurs\nNetgear\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les routeurs Netgear",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Netgear du 24 d\u00e9cembre 2016",
"url": "http://kb.netgear.com/000036386/CVE-2016-582384"
}
]
}
GSD-2016-582384
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6277. Reason: This candidate was withdrawn by its CNA. Notes: All CVE users should reference CVE-2016-6277 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-582384",
"description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6277. Reason: This candidate was withdrawn by its CNA. Notes: All CVE users should reference CVE-2016-6277 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",
"id": "GSD-2016-582384"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-582384"
],
"details": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6277. Reason: This candidate was withdrawn by its CNA. Notes: All CVE users should reference CVE-2016-6277 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",
"id": "GSD-2016-582384",
"modified": "2023-12-13T01:21:26.103081Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-582384",
"STATE": "REJECT"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6277. Reason: This candidate was withdrawn by its CNA. Notes: All CVE users should reference CVE-2016-6277 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
}
}
CERTFR-2016-ALE-010
Vulnerability from certfr_alerte - Published: - Updated:
Une vulnérabilité a été découverte dans les routeurs Netgear. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Description
Le 9 décembre 2016, Netgear a émis un avis de sécurité indiquant que
plusieurs de ses routeurs étaient vulnérables à une injection de
commande à distance.
Un attaquant non authentifié peut exploiter cette vulnérabilité à
distance si l'utilisateur se rend sur un site piégé.
Cela lui permet alors d'exécuter des commandes arbitraires avec les
privilèges les plus élevés (root).
A noter qu'un attaquant présent sur le réseau local peut directement
exploiter cette vulnérabilité.
Depuis le 24 décembre 2016, un correctif de sécurité est disponible pour le micrologiciel de chaque modèle vulnérable.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation)
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "R6900",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R7900",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R8000",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R6700",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "D6400",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "D6220",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R6250",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R7300DST",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R7000",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R7100LG",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R6400",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"closed_at": "2016-12-26",
"content": "## Description\n\nLe 9 d\u00e9cembre 2016, Netgear a \u00e9mis un avis de s\u00e9curit\u00e9 indiquant que\nplusieurs de ses routeurs \u00e9taient vuln\u00e9rables \u00e0 une injection de\ncommande \u00e0 distance. \nUn attaquant non authentifi\u00e9 peut exploiter cette vuln\u00e9rabilit\u00e9 \u00e0\ndistance si l\u0027utilisateur se rend sur un site pi\u00e9g\u00e9. \nCela lui permet alors d\u0027ex\u00e9cuter des commandes arbitraires avec les\nprivil\u00e8ges les plus \u00e9lev\u00e9s (root). \nA noter qu\u0027un attaquant pr\u00e9sent sur le r\u00e9seau local peut directement\nexploiter cette vuln\u00e9rabilit\u00e9.\n\nDepuis le 24 d\u00e9cembre 2016, un correctif de s\u00e9curit\u00e9 est disponible pour\nle micrologiciel de chaque mod\u00e8le vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation)\n",
"cves": [
{
"name": "CVE-2016-582384",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-582384"
},
{
"name": "CVE-2016-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6277"
}
],
"links": [
{
"title": "CERT Carnegie Mellon",
"url": "https://www.kb.cert.org/vuls/id/582384"
},
{
"title": "Avis CERT-FR CERTFR-2016-AVI-430 Routeurs Netgear",
"url": "http://www.cert.ssi.gouv.fr/site/CERTFR-2016-AVI-430/index.html"
}
],
"reference": "CERTFR-2016-ALE-010",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-12-13T00:00:00.000000"
},
{
"description": "mise \u00e0 jour de la liste des syst\u00e8mes affect\u00e9s et cl\u00f4ture de l\u0027alerte.",
"revision_date": "2016-12-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eles\nrouteurs Netgear\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance. \n",
"title": "Vuln\u00e9rabilit\u00e9 dans les routeurs Netgear",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Netgear du 09 d\u00e9cembre 2016",
"url": "http://kb.netgear.com/000036386/CVE-2016-582384"
}
]
}
CERTFR-2016-ALE-010
Vulnerability from certfr_alerte - Published: - Updated:
Une vulnérabilité a été découverte dans les routeurs Netgear. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Description
Le 9 décembre 2016, Netgear a émis un avis de sécurité indiquant que
plusieurs de ses routeurs étaient vulnérables à une injection de
commande à distance.
Un attaquant non authentifié peut exploiter cette vulnérabilité à
distance si l'utilisateur se rend sur un site piégé.
Cela lui permet alors d'exécuter des commandes arbitraires avec les
privilèges les plus élevés (root).
A noter qu'un attaquant présent sur le réseau local peut directement
exploiter cette vulnérabilité.
Depuis le 24 décembre 2016, un correctif de sécurité est disponible pour le micrologiciel de chaque modèle vulnérable.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation)
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "R6900",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R7900",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R8000",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R6700",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "D6400",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "D6220",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R6250",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R7300DST",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R7000",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R7100LG",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "R6400",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"closed_at": "2016-12-26",
"content": "## Description\n\nLe 9 d\u00e9cembre 2016, Netgear a \u00e9mis un avis de s\u00e9curit\u00e9 indiquant que\nplusieurs de ses routeurs \u00e9taient vuln\u00e9rables \u00e0 une injection de\ncommande \u00e0 distance. \nUn attaquant non authentifi\u00e9 peut exploiter cette vuln\u00e9rabilit\u00e9 \u00e0\ndistance si l\u0027utilisateur se rend sur un site pi\u00e9g\u00e9. \nCela lui permet alors d\u0027ex\u00e9cuter des commandes arbitraires avec les\nprivil\u00e8ges les plus \u00e9lev\u00e9s (root). \nA noter qu\u0027un attaquant pr\u00e9sent sur le r\u00e9seau local peut directement\nexploiter cette vuln\u00e9rabilit\u00e9.\n\nDepuis le 24 d\u00e9cembre 2016, un correctif de s\u00e9curit\u00e9 est disponible pour\nle micrologiciel de chaque mod\u00e8le vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation)\n",
"cves": [
{
"name": "CVE-2016-582384",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-582384"
},
{
"name": "CVE-2016-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6277"
}
],
"links": [
{
"title": "CERT Carnegie Mellon",
"url": "https://www.kb.cert.org/vuls/id/582384"
},
{
"title": "Avis CERT-FR CERTFR-2016-AVI-430 Routeurs Netgear",
"url": "http://www.cert.ssi.gouv.fr/site/CERTFR-2016-AVI-430/index.html"
}
],
"reference": "CERTFR-2016-ALE-010",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-12-13T00:00:00.000000"
},
{
"description": "mise \u00e0 jour de la liste des syst\u00e8mes affect\u00e9s et cl\u00f4ture de l\u0027alerte.",
"revision_date": "2016-12-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eles\nrouteurs Netgear\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance. \n",
"title": "Vuln\u00e9rabilit\u00e9 dans les routeurs Netgear",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Netgear du 09 d\u00e9cembre 2016",
"url": "http://kb.netgear.com/000036386/CVE-2016-582384"
}
]
}
FKIE_CVE-2016-582384
Vulnerability from fkie_nvd - Published: 2016-12-14 16:59 - Updated: 2023-11-07 02:32
Severity ?
Summary
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6277. Reason: This candidate was withdrawn by its CNA. Notes: All CVE users should reference CVE-2016-6277 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
References
| URL | Tags |
|---|
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6277. Reason: This candidate was withdrawn by its CNA. Notes: All CVE users should reference CVE-2016-6277 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage"
}
],
"id": "CVE-2016-582384",
"lastModified": "2023-11-07T02:32:52.900",
"metrics": {},
"published": "2016-12-14T16:59:00.177",
"references": [],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Rejected"
}
VAR-201612-0228
Vulnerability from variot - Updated: 2024-04-19 22:52Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6277. Reason: This candidate was withdrawn by its CNA. Notes: All CVE users should reference CVE-2016-6277 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Multiple Netgear Routers are prone to a remote command-injection vulnerability. Successfully exploiting this issue may allow an attacker to inject and execute arbitrary commands in the context of the affected device. The following routers are vulnerable: Netgear R7000 running firmware version 1.0.7.2_1.1.93 and prior. Netgear R6400 running firmware version 1.0.1.6_1.0.4 and prior. Netgear R8000 running firmware version 1.0.3.4_1.1.2. Security flaws exist in several NETGEAR routing products. An attacker can exploit this vulnerability to execute arbitrary code with the help of shell metacharacters
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201612-0228",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r8000 1.0.3.4 1.1.2",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
},
{
"model": "r7000 1.0.7.2 1.1.93",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
},
{
"model": "r6400 1.0.1.6 1.0.4",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "94819"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chad Dougherty",
"sources": [
{
"db": "BID",
"id": "94819"
}
],
"trust": 0.3
},
"cve": "CVE-2016-582384",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-95097",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "VULHUB",
"id": "VHN-95097",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95097"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6277. Reason: This candidate was withdrawn by its CNA. Notes: All CVE users should reference CVE-2016-6277 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Multiple Netgear Routers are prone to a remote command-injection vulnerability. \nSuccessfully exploiting this issue may allow an attacker to inject and execute arbitrary commands in the context of the affected device. \nThe following routers are vulnerable:\nNetgear R7000 running firmware version 1.0.7.2_1.1.93 and prior. \nNetgear R6400 running firmware version 1.0.1.6_1.0.4 and prior. \nNetgear R8000 running firmware version 1.0.3.4_1.1.2. Security flaws exist in several NETGEAR routing products. An attacker can exploit this vulnerability to execute arbitrary code with the help of shell metacharacters",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-582384"
},
{
"db": "BID",
"id": "94819"
},
{
"db": "VULHUB",
"id": "VHN-94643"
},
{
"db": "VULHUB",
"id": "VHN-95097"
}
],
"trust": 1.35
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-95097",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95097"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-582384",
"trust": 1.5
},
{
"db": "CERT/CC",
"id": "VU#582384",
"trust": 0.4
},
{
"db": "BID",
"id": "94819",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-94643",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "41598",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "40889",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155712",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141585",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-92571",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201612-432",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-95097",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94643"
},
{
"db": "VULHUB",
"id": "VHN-95097"
},
{
"db": "BID",
"id": "94819"
},
{
"db": "NVD",
"id": "CVE-2016-582384"
}
]
},
"id": "VAR-201612-0228",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94643"
},
{
"db": "VULHUB",
"id": "VHN-95097"
}
],
"trust": 0.99166665
},
"last_update_date": "2024-04-19T22:52:23.033000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95097"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.4,
"url": "http://www.kb.cert.org/vuls/id/582384"
},
{
"trust": 0.4,
"url": "http://kb.netgear.com/000036386/cve-2016-582384"
},
{
"trust": 0.1,
"url": "http://www.securityfocus.com/bid/94819"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/40889/"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/41598/"
},
{
"trust": 0.1,
"url": "http://packetstormsecurity.com/files/155712/netgear-r6400-remote-code-execution.html"
},
{
"trust": 0.1,
"url": "http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/"
},
{
"trust": 0.1,
"url": "https://kalypto.org/research/netgear-vulnerability-expanded/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95097"
},
{
"db": "BID",
"id": "94819"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-94643"
},
{
"db": "VULHUB",
"id": "VHN-95097"
},
{
"db": "BID",
"id": "94819"
},
{
"db": "NVD",
"id": "CVE-2016-582384"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-94643"
},
{
"date": "2016-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-95097"
},
{
"date": "2016-12-09T00:00:00",
"db": "BID",
"id": "94819"
},
{
"date": "2016-12-14T16:59:00.177000",
"db": "NVD",
"id": "CVE-2016-582384"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-16T00:00:00",
"db": "VULHUB",
"id": "VHN-94643"
},
{
"date": "2017-08-16T00:00:00",
"db": "VULHUB",
"id": "VHN-95097"
},
{
"date": "2017-01-12T01:04:00",
"db": "BID",
"id": "94819"
},
{
"date": "2023-11-07T02:32:52.900000",
"db": "NVD",
"id": "CVE-2016-582384"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "94819"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Netgear Routers VU#582384 Remote Command Injection Vulnerability",
"sources": [
{
"db": "BID",
"id": "94819"
}
],
"trust": 0.3
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "94819"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…