ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNetgear Dgn2200
HWNetgearwszystkie wersjeNetgear Dgn2200 Firmware
OSNetgear≤ 10.0.0.50
CISA KEV — detailsi
- Vendori
- NETGEAR
- Producti
- Wireless Router DGN2200
- Added to KEVi
- March 7, 2022
- Remediation deadline (US Federal)i
- September 7, 2022(overdue)
Apply updates per vendor instructions.
NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution.
Related vulnerabilities
Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 befor...
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending wi...
A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, an...
A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized...
NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, a...