CVE-2017-6077
CVE-2017-6077
In short
A vulnerability in NETGEAR DGN2200 routers allows authenticated users to run dangerous commands on the device by injecting shell code into a ping tool. This can let attackers take full control of the router.
Technical detail
CWE-78 command injection in ping.cgi via the ping_IPAddr parameter in HTTP POST requests allows authenticated attackers to execute arbitrary OS commands on affected NETGEAR DGN2200 devices running firmware ≤10.0.0.50. The vulnerability exploits insufficient input validation of shell metacharacters, enabling complete system compromise.
Summary generated and translated by AI from the official description.
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/41394/unverifiedexploitdbwww.exploit-db.com/exploits/41394unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →