1 results (0.003 seconds)
CVSS: 9.0EPSS: 91%CPEs: 5EXPL: 5
CVSS: 9.0EPSS: 91%CPEs: 5EXPL: 5CVE-2017-6334 – NETGEAR DGN2200 Devices OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2017-6334
26 Feb 2017 — dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077. Dnslookup.cgi en dispositivos NETGEAR DGN2200 con firmware hasta la versión 10.0.0.50 permite a usuarios remotos autenticados ejecutar comandos del SO arbitrarios a través de metacaracteres shell en el campo del nombre de host de una solicitud HTTP POST... • https://packetstorm.news/files/id/143128 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •