CVE-2017-6366
Netgear DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery
Severity Score
8.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. NOTE: this issue can be combined with CVE-2017-6334 to execute arbitrary code remotely.
Vulnerabilidad de CSRF en routers NETGEAR DGN2200 con firmware 10.0.0.20 hasta la versión 10.0.0.50 permite a atacantes remotos secuestrar la autenticación de usuarios para solicitudes que realizan búsquedas DNS a través del parámetro host_name a dnslookup.cgi. NOTA: este problema se puede combinar con CVE-2017-6334 para ejecutar código arbitrario de forma remota.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-02-28 CVE Reserved
- 2017-03-15 CVE Published
- 2024-01-04 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/41472 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netgear Search vendor "Netgear" | Dgn2200 Firmware Search vendor "Netgear" for product "Dgn2200 Firmware" | <= 10.0.0.50 Search vendor "Netgear" for product "Dgn2200 Firmware" and version " <= 10.0.0.50" | - |
Affected
| in | Netgear Search vendor "Netgear" | Dgn2200v1 Search vendor "Netgear" for product "Dgn2200v1" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Dgn2200 Firmware Search vendor "Netgear" for product "Dgn2200 Firmware" | <= 10.0.0.50 Search vendor "Netgear" for product "Dgn2200 Firmware" and version " <= 10.0.0.50" | - |
Affected
| in | Netgear Search vendor "Netgear" | Dgn2200v2 Search vendor "Netgear" for product "Dgn2200v2" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Dgn2200 Firmware Search vendor "Netgear" for product "Dgn2200 Firmware" | <= 10.0.0.50 Search vendor "Netgear" for product "Dgn2200 Firmware" and version " <= 10.0.0.50" | - |
Affected
| in | Netgear Search vendor "Netgear" | Dgn2200v3 Search vendor "Netgear" for product "Dgn2200v3" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Dgn2200 Firmware Search vendor "Netgear" for product "Dgn2200 Firmware" | <= 10.0.0.50 Search vendor "Netgear" for product "Dgn2200 Firmware" and version " <= 10.0.0.50" | - |
Affected
| in | Netgear Search vendor "Netgear" | Dgn2200v4 Search vendor "Netgear" for product "Dgn2200v4" | - | - |
Safe
|