module

Netgear Devices Unauthenticated Remote Command Execution

Disclosed	Created
Feb 25, 2016	Mar 19, 2019

Disclosed

Feb 25, 2016

Created

Mar 19, 2019

Description

From the CVE-2016-1555 page: (1) boardData102.php, (2) boardData103.php,
(3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in
Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350,
WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute
arbitrary commands.

Authors

Daming Dominic Chen ddchen@cs.cmu.edu
Imran Dawoodjee imrandawoodjee.infosec@gmail.com

Platform

Linux

Architectures

mipsbe

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use exploit/linux/http/netgear_unauth_exec
    msf exploit(netgear_unauth_exec) > show targets
        ...targets...
    msf exploit(netgear_unauth_exec) > set TARGET < target-id >
    msf exploit(netgear_unauth_exec) > show options
        ...show and set options...
    msf exploit(netgear_unauth_exec) > exploit

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today