
CVSS: 8.8 • EPSS: 0% • CPEs: 5 • EXPL: 1

15 Mar 2017 — Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. NOTE: this issue can be combined with CVE-2017-6334 to execute arbitrary code remotely. • https://www.exploit-db.com/exploits/41472 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.0 • EPSS: 91% • CPEs: 5 • EXPL: 5

26 Feb 2017 — dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077. • https://packetstorm.news/files/id/143128 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')