{"id":7923,"date":"2025-07-10T09:24:43","date_gmt":"2025-07-10T09:24:43","guid":{"rendered":"http:\/\/localhost\/?p=7923"},"modified":"2025-07-10T09:24:43","modified_gmt":"2025-07-10T09:24:43","slug":"netgear-d6400-diagcgi-os-command-injection","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=7923","title":{"rendered":"Netgear D6400 diag.cgi os command injection"},"content":{"rendered":"<div style=\"font-family: Arial, sans-serif; max-width: 1200px; margin: 0 auto;\">\n<h2 style=\"color: #333; border-bottom: 2px solid #ffcc00; padding-bottom: 10px;\">CVE Details<\/h2>\n<div style=\"display: grid; grid-template-columns: repeat(auto-fit, minmax(300px, 1fr)); gap: 20px; margin-bottom: 20px;\">\n<div style=\"padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1);\">\n<h3 style=\"margin-top: 0; \">Basic Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Title<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">Netgear D6400 diag.cgi os command injection<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Type<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">cve<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Published<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">2025-07-10T13:32:05.867Z<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Modified<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">2025-07-10T13:32:05.867Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<div style=\"padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1);\">\n<h3 style=\"margin-top: 0; \">Product Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Vendor<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">Netgear<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Product<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">D6400<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Version<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">1.0.0.114<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n<div style=\"padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); margin-bottom: 20px;\">\n<h3 style=\"margin-top: 0; \">CVSS Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Base Score<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd; color: #ffcc00; font-weight: bold;\">5.3 (MEDIUM)<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Attack Vector<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:L\/VI:L\/VA:L\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<div style=\"padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); margin-bottom: 20px;\">\n<h3 style=\"margin-top: 0; \">AI Analysis<\/h3>\n<table style=\"width:100%; border-collapse: collapse;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">AI Description<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">A critical vulnerability in Netgear D6400 firmware version 1.0.0.114 allows remote OS command injection via the diag.cgi file, specifically through the host_name argument. This vulnerability is publicly exploitable and affects unsupported products.<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">AI Severity<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">Medium<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">AI Vendor<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">Netgear<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">AI Product<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">Netgear D6400<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">AI Version<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">1.0.0.114<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<div style=\"padding: 15px; border-radius: 5px; margin-bottom: 20px;\">\n<h4 style=\"margin-top: 0; \">Affected Products<\/h4>\n<ul style=\"margin: 0; padding-left: 20px;\">\n<li>Netgear D6400 1.0.0.114<\/li>\n<\/ul>\n<\/div>\n<div style=\"padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); margin-bottom: 20px;\">\n<h3 style=\"margin-top: 0; \">Additional Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">CWE List<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">CWE-78, CWE-77<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Source<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">VulDB<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<div style=\"padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); margin-bottom: 20px;\">\n<h3 style=\"margin-top: 0; \">Description<\/h3>\n<div style=\"padding: 15px; border-left: 4px solid #4CAF50; \">A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument host_name leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early and confirmed the existence of the vulnerability. They reacted very quickly, professional and kind. This vulnerability only affects products that are no longer supported by the maintainer.<\/div>\n<\/div>\n<div style=\"padding: 15px; border-radius: 5px; margin-bottom: 20px;\">\n<h4 style=\"margin-top: 0; \">References<\/h4>\n<ul style=\"margin: 0; padding-left: 20px;\">\n<li><a href=\"https:\/\/vuldb.com\/?id.315867\" target=\"_blank\">https:\/\/vuldb.com\/?id.315867<\/a><\/li>\n<li><a href=\"https:\/\/vuldb.com\/?ctiid.315867\" target=\"_blank\">https:\/\/vuldb.com\/?ctiid.315867<\/a><\/li>\n<li><a href=\"https:\/\/vuldb.com\/?submit.603668\" target=\"_blank\">https:\/\/vuldb.com\/?submit.603668<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/wudipjq\/my_vuln\/blob\/main\/Netgear7\/vuln_66\/66.md\" target=\"_blank\">https:\/\/github.com\/wudipjq\/my_vuln\/blob\/main\/Netgear7\/vuln_66\/66.md<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/wudipjq\/my_vuln\/blob\/main\/Netgear7\/vuln_66\/66.md#poc\" target=\"_blank\">https:\/\/github.com\/wudipjq\/my_vuln\/blob\/main\/Netgear7\/vuln_66\/66.md#poc<\/a><\/li>\n<li><a href=\"https:\/\/www.netgear.com\/\" target=\"_blank\">https:\/\/www.netgear.com\/<\/a><\/li>\n<\/ul>\n<\/div>\n<div style=\"text-align: center; margin-top: 30px;\">\n<a href=\"\" target=\"_blank\" style=\"display: inline-block; background-color: #4CAF50; color: white; padding: 12px 24px; text-decoration: none; border-radius: 4px; font-weight: bold; transition: background-color 0.3s;\">View Full CVE Details<\/a>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>CVE Details Basic Information Title Netgear D6400 diag.cgi os command injection Type cve Published 2025-07-10T13:32:05.867Z Modified 2025-07-10T13:32:05.867Z Product Information Vendor Netgear Product D6400 Version 1.0.0.114&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,22,12,21,13,7,11,5],"class_list":["post-7923","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-53","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Netgear D6400 diag.cgi os command injection - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=7923\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Netgear D6400 diag.cgi os command injection - zero redgem\" \/>\n<meta property=\"og:description\" content=\"CVE Details Basic Information Title Netgear D6400 diag.cgi os command injection Type cve Published 2025-07-10T13:32:05.867Z Modified 2025-07-10T13:32:05.867Z Product Information Vendor Netgear Product D6400 Version 1.0.0.114...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=7923\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-10T09:24:43+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7923#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7923\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Netgear D6400 diag.cgi os command injection\",\"datePublished\":\"2025-07-10T09:24:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7923\"},\"wordCount\":262,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-5.3\",\"exploit\",\"MEDIUM\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=7923#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7923\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7923\",\"name\":\"Netgear D6400 diag.cgi os command injection - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-07-10T09:24:43+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7923#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=7923\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7923#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Netgear D6400 diag.cgi os command injection\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Netgear D6400 diag.cgi os command injection - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=7923","og_locale":"en_US","og_type":"article","og_title":"Netgear D6400 diag.cgi os command injection - zero redgem","og_description":"CVE Details Basic Information Title Netgear D6400 diag.cgi os command injection Type cve Published 2025-07-10T13:32:05.867Z Modified 2025-07-10T13:32:05.867Z Product Information Vendor Netgear Product D6400 Version 1.0.0.114...","og_url":"https:\/\/zero.redgem.net\/?p=7923","og_site_name":"zero redgem","article_published_time":"2025-07-10T09:24:43+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=7923#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=7923"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Netgear D6400 diag.cgi os command injection","datePublished":"2025-07-10T09:24:43+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=7923"},"wordCount":262,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-5.3","exploit","MEDIUM","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=7923#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=7923","url":"https:\/\/zero.redgem.net\/?p=7923","name":"Netgear D6400 diag.cgi os command injection - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-07-10T09:24:43+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=7923#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=7923"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=7923#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Netgear D6400 diag.cgi os command injection"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/7923","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7923"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/7923\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7923"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7923"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7923"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}