VulnCheck KEV: CVE-2017-6334

dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands...

Netgear DGN2200 dnslookup.cgi Command Injection Vulnerability

The NETGEAR DGN2200 is an ADSL router device. A command injection vulnerability exists in Netgear DGN2200 dnslookup.cgi. This module allows attackers to exploit the vulnerability to inject arbitrary commands by sending a specially crafted publish request with valid login details...

CVE-2017-6366

Cross-site request forgery CSRF vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the hostname parameter to dnslookup.cgi. NOTE: this issue can be combined with...

CVE-2017-6334

dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the hostname field of an HTTP POST request, a different vulnerability than CVE-2017-6077...

Cross site request forgery (csrf)

dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the hostname field of an HTTP POST request, a different vulnerability than CVE-2017-6077...

Netgear DGN2201 dnslookup.cgi Remote Command Execution Vulnerability

The Netgear DGN2201 is a popular wireless router device. A remote command execution vulnerability exists in Netgear DGN2201 dnslookup.cgi, which can be exploited by an attacker to gain administrator privileges...

PT-2017-4247 · NetGear · Netgear Dgn2200

Name of the Vulnerable Software and Affected Versions: NETGEAR DGN2200 devices with firmware through 10.0.0.50 Description: The issue exists due to the lack of neutralization of special elements used in the operating system command. This can be exploited by a remote attacker to execute arbitrary ...