Netgear DGN2200B pppoe.cgi Remote Command Execution

Type metasploit
Reporter Rapid7
Modified 2017-07-24T13:26:21


Some Netgear Routers are vulnerable to an authenticated OS command injection on their web interface. Default credentials for the web interface are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes. This module overwrites parts of the PPOE configuration, while the module tries to restore it after exploitation configuration backup is recommended.