CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2017-6077

CVSS 9.8v3.1pub. 2017-02-22upd. 2026-04-21

ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netgear Dgn2200

    HW
    Netgear
    wszystkie wersje
  • Netgear Dgn2200 Firmware

    OS
    Netgear
    ≤ 10.0.0.50

CISA KEV — detailsi

Vendori
NETGEAR
Producti
Wireless Router DGN2200
Added to KEVi
March 7, 2022
Remediation deadline (US Federal)i
September 7, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 7 września 2022
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2021-38516CRITICAL10.0ten sam produkt

Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 befor...

CVE-2019-17373CRITICAL9.8ten sam produkt

Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending wi...

CVE-2016-5649CRITICAL9.8ten sam produkt

A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, an...

CVE-2024-57046HIGH8.8ten sam produkt

A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized...

CVE-2020-35785HIGH8.3ten sam produkt

NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, a...