CVSS: 9.0EPSS: 96%CPEs: 5EXPL: 3CVE-2017-6334 – NETGEAR DGN2200 Devices OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2017-6334
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077. Dnslookup.cgi en dispositivos NETGEAR DGN2200 con firmware hasta la versión 10.0.0.50 permite a usuarios remotos autenticados ejecutar comandos del SO arbitrarios a través de metacaracteres shell en el campo del nombre de host de una solicitud HTTP POST, una vulnerabilidad diferente a CVE-2017-6077. Netgear DGN2200 versions 1, 2, 3, and 4 suffer from a non-administrative authenticated remote command execution vulnerability via dnslookup.cgi. dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands • https://www.exploit-db.com/exploits/42257 https://www.exploit-db.com/exploits/41459 https://www.exploit-db.com/exploits/41472 http://www.securityfocus.com/bid/96463 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •