Vulnerability Details CVE-2017-6077
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.898
EPSS Ranking 99.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Proposed Action
NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution.
Ransomware Campaign
Unknown
References
Products affected by CVE-2017-6077
-
cpe:2.3:h:netgear:dgn2200:-
-
cpe:2.3:o:netgear:dgn2200_firmware:-
-
cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.102
-
cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.106
-
cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.108
-
cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.110
-
cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.50_7.0.50
-
cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.55
-
cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.58
-
cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.60
-
cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.82
-
cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.86
-
cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.94
-
cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.96
-
cpe:2.3:o:netgear:dgn2200_firmware:10.0.0.50