NETGEAR Support

Security Advisory for CVE-2016-6277, PSV-2016-0245

Was this article helpful?   Yes     No

NETGEAR is aware of the security issue CVE-2016-6277 (formerly designated VU #582384) that allows unauthenticated web pages to pass form input directly to the command-line interface. A remote attacker can potentially inject arbitrary commands which are then executed by the system.

NETGEAR has completed testing on the latest firmware versions of its entire currently shipping WiFi router portfolio for this vulnerability. To NETGEAR’s knowledge, the models below are the only affected models.

NETGEAR has tested the following products and confirmed that they are vulnerable:

All products now have production firmware fixes available.

  • R6250
  • R6400
  • R6700
  • R6900
  • R7000
  • R7100LG
  • R7300DST
  • R7900
  • R8000
  • D6220
  • D6400

The D7000 was previously included in a list of models that were affected by this security vulnerability. However, NETGEAR has tested and confirmed that the D7000 is not affected by this command injection vulnerability.

Production firmware is available for all affected models. Even if you have already downloaded the beta firmware fix for your model, NETGEAR strongly recommends that all users download the production firmware as soon as possible. If you do not upgrade your firmware to the production version, the potential for this command injection vulnerability remains.

To download the production firmware, which fixes the command injection vulnerability, visit the firmware release page for your model and follow the instructions:

NETGEAR is not responsible for any consequences that could have been avoided by upgrading to production firmware as recommended in this notification.

We appreciate and value having security concerns brought to our attention. NETGEAR constantly monitors for both known and unknown threats. Being pro-active rather than re-active to emerging security issues is fundamental for product support at NETGEAR.

It is NETGEAR's mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use NETGEAR products for their connectivity.

To report a security vulnerability, visit https://bugcrowd.com/netgear

If you are a NETGEAR customer with a security-related support concern, you can contact NETGEAR customer support at [email protected]

For all other issues, visit http://www.netgear.com/about/security/.

The [email protected] email address is no longer accepting messages and is no longer actively monitored. 

Last Updated:03/10/2023 | Article ID: 000036386

Was this article helpful?

Yes No

This article applies to:

 How to Find Your Model Number

Read this article in another language:

Looking for more about your product?

Get information, documentation, videos and more for your specific product.

Can’t find what you’re looking for?

Quick and easy solutions are available for you in the NETGEAR community.

Ask the Community

Need to Contact NETGEAR Support?

With NETGEAR’s round-the-clock premium support, help is just a phone call away.

See Support Options

Complimentary Support

NETGEAR provides complimentary technical support for NETGEAR products for 90 days from the original date of purchase.

Contact Support

NETGEAR Premium Support

GearHead Support for Home Users

GearHead Support is a technical support service for NETGEAR devices and all other connected devices in your home. Advanced remote support tools are used to fix issues on any of your devices. The service includes support for the following:

  • Desktop and Notebook PCs, Wired and Wireless Routers, Modems, Printers, Scanners, Fax Machines, USB devices and Sound Cards
  • Windows Operating Systems (2000, XP or Vista), MS Word, Excel, PowerPoint, Outlook and Adobe Acrobat
  • Anti-virus and Anti-Spyware: McAfee, Norton, AVG, eTrust and BitDefender
Learn More
ProSUPPORT Services for Business Users

NETGEAR ProSUPPORT services are available to supplement your technical support and warranty entitlements. NETGEAR offers a variety of ProSUPPORT services that allow you to access NETGEAR's expertise in a way that best meets your needs:

  • Product Installation
  • Professional Wireless Site Survey
  • Defective Drive Retention (DDR) Service
Learn More

Where to Find Your Model Number

To find the model/version number, check the bottom or back panel of your NETGEAR device.

Select a product or category below for specific instructions.

N Routers

Nighthawk Routers

Powerline and Wall Plug Extenders

Cable and DSL Modem Routers

ReadyNAS Network Storage

Switches

Wireless Access Points

Other Business Products

Mobile Broadband