What is CVE-2016-6277?

CVE-2016-6277 is a vulnerability in N/a. Published 2016-12-14.

Is CVE-2016-6277 known to be exploited?

Yes. CVE-2016-6277 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2022-03-07), indicating it is being actively exploited. 20 public proof-of-concept repositories are indexed.

Vulnerability in N/a

CVE-2016-6277

NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta…

EPSS: 0.943 (99.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

CISA KEV (Known Exploited Vulnerabilities)

This CVE is on the CISA KEV catalog, added on 2022-03-07. CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.

BOD 22-01 due date: 2022-09-07.

Required action: Apply updates per vendor instructions.

Public proof-of-concept exploits

References

40889 (exploit, x_refsource_EXPLOIT-DB)
41598 (exploit, x_refsource_EXPLOIT-DB)
kb.netgear.com/000036386/CVE-2016-582384 (x_refsource_CONFIRM)
www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r64… (x_refsource_MISC)
VU#582384 (x_refsource_CERT-VN, third-party-advisory)
94819 (vdb-entry, x_refsource_BID)
kalypto.org/research/netgear-vulnerability-expanded/ (x_refsource_MISC)
packetstormsecurity.com/files/155712/Netgear-R6400-Remote-Code-Execution.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2016-6277?: CVE-2016-6277 is a vulnerability in N/a. Published 2016-12-14.
Is CVE-2016-6277 known to be exploited?: Yes. CVE-2016-6277 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2022-03-07), indicating it is being actively exploited. 20 public proof-of-concept repositories are indexed.