Lucene search
K

6 matches found

VulnCheck KEV
VulnCheck KEV
added 2020/01/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2017-6334

dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands...

9CVSS7.6AI score0.72199EPSS
Exploits11References1
NVD
NVD
added 2017/03/15 2:59 p.m.25 views

CVE-2017-6366

Cross-site request forgery CSRF vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the hostname parameter to dnslookup.cgi. NOTE: this issue can be combined with...

8.8CVSS9.3AI score0.03474EPSS
Exploits4References1
Cvelist
Cvelist
added 2017/03/06 2:0 a.m.36 views

CVE-2017-6334

dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the hostname field of an HTTP POST request, a different vulnerability than CVE-2017-6077...

9.3AI score0.72199EPSS
Exploits11References4
OSV
OSV
added 2017/02/22 11:59 p.m.2 views

CVE-2017-6077

ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the pingIPAddr field of an HTTP POST request...

9.8CVSS6.1AI score0.68201EPSS
Exploits5References3
Positive Technologies
Positive Technologies
added 2017/02/22 12:0 a.m.5 views

PT-2017-4247 · NetGear · Netgear Dgn2200

Name of the Vulnerable Software and Affected Versions: NETGEAR DGN2200 devices with firmware through 10.0.0.50 Description: The issue exists due to the lack of neutralization of special elements used in the operating system command. This can be exploited by a remote attacker to execute arbitrary ...

10CVSS7.9AI score0.72199EPSS
Exploits11References9
ATTACKERKB
ATTACKERKB
added 2017/02/22 12:0 a.m.29 views

CVE-2017-6077

ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the pingIPAddr field of an HTTP POST request. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attack...

10CVSS9.3AI score0.68201EPSS
In wildExploits5References4
Rows per page
Query Builder