CVE-2017-6366

Name of the Vulnerable Software and Affected Versions NETGEAR DGN2200 routers versions 10.0.0.20 through 10.0.0.50

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack user authentication for requests that perform DNS lookups via the host name parameter to "dnslookup.cgi" API endpoint. This can potentially be combined with other issues to execute arbitrary code remotely.

Recommendations For versions 10.0.0.20 through 10.0.0.50, consider restricting access to the "dnslookup.cgi" API endpoint to minimize the risk of exploitation. Avoid using the host name parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.