Vulnerability feed

Vulnerability

CVE-2017-6334

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2017-6334
Description:: dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
Last updated date:: 07/16/2024

Reports

alt

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 11/11/2021
Reference url to background: https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 03/25/2022
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 10/03/2019
Reference url to background: https://www.exploit-db.com/exploits/41459/

Type:: exploit
Confidence:: HIGH
Date of publishing:: 10/02/2020
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/netgear_dnslookup_cmd_exec.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/16/2024
Reference url to background: https://www.exploit-db.com/exploits/41472/

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/16/2024
Reference url to background: https://www.exploit-db.com/exploits/42257/

Vulnerability Feed Contributors About Blog

@inTheWild

©2024 |