CVE-2017-6366

HIGH

Netgear Dgn2200 Firmware < 10.0.0.50 - CSRF

Title source: rule

Description

Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. NOTE: this issue can be combined with CVE-2017-6334 to execute arbitrary code remotely.

Exploits (1)

exploitdb WORKING POC

by SivertPL · htmlwebappshardware

https://www.exploit-db.com/exploits/41472

View Code ZIP pw:eip

References (1)

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/41472/

Scores

CVSS v3 8.8

EPSS 0.0025

EPSS Percentile 48.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-352

Status published

Products (1)

netgear/dgn2200_firmware < 10.0.0.50

Published Mar 15, 2017

Tracked Since Feb 18, 2026