Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-6366

CWE-352 — Cross-Site Request Forgery (CSRF)4 documents4 sources

Severity

8.8HIGH

EPSS

0.2%

top 52.02%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Netgear Dgn2200 Firmware

Timeline

PublishedMar 15

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. NOTE: this issue can be combined with CVE-2017-6334 to execute arbitrary code remotely.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDnetgear/dgn2200_firmware10.0.0.50

🔴Vulnerability Details

GHSA

GHSA-f99c-gfmc-7mwv: Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10↗2022-05-17

▶

CVEList

CVE-2017-6366: Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10↗2017-03-15

▶

💥Exploits & PoCs

Exploit-DB

Netgear DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery↗2017-02-28

▶