EIP-2026-101373
PRE-CVENetgear D6300B - '/diag.cgi?IPAddr4' Remote Command Execution
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-101373. PoCs published by Marcel Mangold.
AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in the Netgear D6300B router by injecting a semicolon followed by the 'ls' command into the 'IPAddr4' parameter of a POST request to '/diag.cgi'. The response includes the output of the 'ls' command, confirming arbitrary command execution.
Description
Netgear D6300B - '/diag.cgi?IPAddr4' Remote Command Execution
Exploits (1)
This exploit demonstrates a command injection vulnerability in the Netgear D6300B router by injecting a semicolon followed by the 'ls' command into the 'IPAddr4' parameter of a POST request to '/diag.cgi'. The response includes the output of the 'ls' command, confirming arbitrary command execution.