Thecarterb

**Name of the Vulnerable Software and Affected Versions** NETGEAR DGN2200 devices with firmware through 10.0.0.50 **Description** The issue exists due to the lack of neutralization of special elements used in the operating system command. This can be exploited by a remote attacker to execute arbitrary OS commands on the router and gain full control over the device by using metacharacters in the `ping IPAddr` parameter of a POST request or the `host name` field of an HTTP POST request in `dnslookup.cgi`. **Recommendations** For NETGEAR DGN2200 devices with firmware through 10.0.0.50, consider restricting access to the `dnslookup.cgi` and `ping.cgi` scripts until a patch is available. As a temporary workaround, avoid using the `host name` field in the `dnslookup.cgi` HTTP POST request and the `ping IPAddr` parameter in the `ping.cgi` POST request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.