Netgear DGN2200B pppoe.cgi Remote Command Execution

2013-04-03T08:32:52
ID MSF:EXPLOIT/LINUX/HTTP/NETGEAR_DGN2200B_PPPOE_EXEC
Type metasploit
Reporter Rapid7
Modified 2017-07-24T13:26:21

Description

Some Netgear Routers are vulnerable to an authenticated OS command injection on their web interface. Default credentials for the web interface are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes. This module overwrites parts of the PPOE configuration, while the module tries to restore it after exploitation configuration backup is recommended.