CVE-2017-6334
KEV
🔴 Patch now
Execution of arbitrary OS commands on NETGEAR DGN2200 by remote authenticated users.
CVSS
8.8
EPSS
89.2%
Exploit
weaponized
Vendor
netgear
Source description (NVD)
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
exploit
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 8.8 |
| CISA KEV (actively exploited) | Yes |
| FIRST EPSS (probability of exploitation) | 89.2% |
| Published (NVD) | 2017-03-06 02:59:00 UTC |
| Last modified (NVD) | 2026-04-21 17:43:06 UTC |
References
- http://www.securityfocus.com/bid/96463 (cve@mitre.org) [Broken Link, Third Party Advisory, VDB Entry]
- https://www.exploit-db.com/exploits/41459/ (cve@mitre.org) [Exploit, Third Party Advisory, VDB Entry]
- https://www.exploit-db.com/exploits/41472/ (cve@mitre.org) [Exploit, Third Party Advisory, VDB Entry]
- https://www.exploit-db.com/exploits/42257/ (cve@mitre.org) [Exploit, Third Party Advisory, VDB Entry]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-6334 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]