Vulnerability Details CVE-2017-6334
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.911
EPSS Ranking 99.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
Proposed Action
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands
Ransomware Campaign
Unknown
References
- http://www.securityfocus.com/bid/96463
- https://www.exploit-db.com/exploits/41459/
- https://www.exploit-db.com/exploits/41472/
- https://www.exploit-db.com/exploits/42257/
- http://www.securityfocus.com/bid/96463
- https://www.exploit-db.com/exploits/41459/
- https://www.exploit-db.com/exploits/41472/
- https://www.exploit-db.com/exploits/42257/
Products affected by CVE-2017-6334
-
cpe:2.3:h:netgear:dgn2200v1:-
-
cpe:2.3:h:netgear:dgn2200v2:-
-
cpe:2.3:h:netgear:dgn2200v3:-
-
cpe:2.3:h:netgear:dgn2200v4:-
-
cpe:2.3:o:netgear:dgn2200_series_firmware:-
-
cpe:2.3:o:netgear:dgn2200_series_firmware:10.0.0.50