An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XNetgear Dgn2200b
HWNetgearwszystkie wersjeNetgear Dgn2200b Firmware
OSNetgear≤ 1.1.0.36
Related vulnerabilities
Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before...
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before ...
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D...
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D1500 before 1.0.0.2...
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6220 befor...