CVE-2017-6077

Name of the Vulnerable Software and Affected Versions NETGEAR DGN2200 versions through 10.0.0.50

Description The issue allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping IPAddr field of an HTTP POST request to the ping.cgi endpoint. This is due to the lack of measures to neutralize special elements used in the operating system command. Exploitation of the issue may allow a remote attacker to execute arbitrary commands on the router's operating system and gain full control over the device.

Recommendations For versions through 10.0.0.50, consider disabling the ping.cgi endpoint until a patch is available to prevent exploitation. Restrict access to the ping.cgi endpoint to minimize the risk of exploitation. Avoid using the ping IPAddr parameter in the POST request to the ping.cgi endpoint until the issue is resolved.