Vulnerability Description
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | Dgn2200 Series Firmware | <= 10.0.0.50 |
| Netgear | Dgn2200V1 | - |
| Netgear | Dgn2200V2 | - |
| Netgear | Dgn2200V3 | - |
| Netgear | Dgn2200V4 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/96463 (Broken Link, Third Party Advisory, VDB Entry)
- https://www.exploit-db.com/exploits/41459/ (Exploit, Third Party Advisory, VDB Entry)
- https://www.exploit-db.com/exploits/41472/ (Exploit, Third Party Advisory, VDB Entry)
- https://www.exploit-db.com/exploits/42257/ (Exploit, Third Party Advisory, VDB Entry)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017- (US Government Resource)
FAQ
What is CVE-2017-6334?
CVE-2017-6334 is a vulnerability with a CVSS score of 8.8 (HIGH). dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP P...
How severe is CVE-2017-6334?
CVE-2017-6334 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-6334?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear Dgn2200 Series Firmware, Netgear Dgn2200V1, Netgear Dgn2200V2, Netgear Dgn2200V3, Netgear Dgn2200V4.