CVE-2017-6366

HIGH

NETGEAR DGN2200 Firmware 10.0.0.20-10.0.0.50 - Cross-Site Request Forgery via DNS Lookup

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-6366. PoCs published by SivertPL.

AI-analyzed exploit summary: This exploit demonstrates a CSRF vulnerability in NETGEAR DGN2200 routers that, when chained with CVE-2017-6334, allows unauthenticated remote code execution by tricking an authenticated user into visiting a malicious webpage. The payload injects a command into the DNS lookup functionality to trigger a reboot.

Description

Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. NOTE: this issue can be combined with CVE-2017-6334 to execute arbitrary code remotely.

Exploits (1)

exploitdb WORKING POC
by SivertPL · html · webapps · hardware
https://www.exploit-db.com/exploits/41472

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: NETGEAR DGN2200v1/v2/v3/v4 firmware versions 10.0.0.20 to 10.0.0.50
No auth needed
Prerequisites: Victim must be authenticated to the router's web interface · Attacker must trick the victim into visiting a malicious webpage
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/41472/

Scores

CVSS v3 8.8
EPSS 0.0025
EPSS Percentile 48.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-352
Status published
Products (1)
netgear/dgn2200_firmware < 10.0.0.50
Published Mar 15, 2017
Tracked Since Feb 18, 2026