ID

VAR-201702-0952


CVE

CVE-2017-6077


TITLE

Arbitrary OS command execution vulnerability in ping.cgi of NETGEAR DGN2200 device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-001693

DESCRIPTION

ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request. The NETGEAR DGN2200 is an ADSL router device. There are arbitrary command execution vulnerabilities in ping.cgi in the NETGEAR DGN2200 10.0.0.50 version. NETGEAR DGN2200 is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. NETGEAR DGN2200 10.0.0.50 is vulnerable. There is a security vulnerability in the ping.cgi file in NETGEAR DGN2200 with firmware version 10.0.0.50 and earlier.

Trust: 2.61

sources: NVD: CVE-2017-6077 // JVNDB: JVNDB-2017-001693 // CNVD: CNVD-2017-02455 // BID: 96408 // VULHUB: VHN-114280 // VULMON: CVE-2017-6077

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-02455

AFFECTED PRODUCTS

vendor: netgear, model: dgn2200, scope: eq, version: 10.0.0.50

Trust: 1.2

vendor: netgear, model: dgn2200, scope: lte, version: 10.0.0.50

Trust: 1.0

vendor: net gear, model: dgn2200, scope: -, version: -

Trust: 0.8

vendor: net gear, model: dgn2200, scope: lte, version: 10.0.0.50

Trust: 0.8

sources: CNVD: CNVD-2017-02455 // JVNDB: JVNDB-2017-001693 // NVD: CVE-2017-6077 // CNNVD: CNNVD-201702-616

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2017-6077
value: CRITICAL

Trust: 1.8

CNVD: CNVD-2017-02455
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201702-616
value: CRITICAL

Trust: 0.6

VULHUB: VHN-114280
value: HIGH

Trust: 0.1

VULMON: CVE-2017-6077
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2017-6077
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

CNVD: CNVD-2017-02455
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114280
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2017-6077
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-02455 // VULHUB: VHN-114280 // VULMON: CVE-2017-6077 // JVNDB: JVNDB-2017-001693 // NVD: CVE-2017-6077 // CNNVD: CNNVD-201702-616

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.9

sources: VULHUB: VHN-114280 // JVNDB: JVNDB-2017-001693 // NVD: CVE-2017-6077

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-616

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201702-616

CONFIGURATIONS

sources: NVD: CVE-2017-6077

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-114280 // VULMON: CVE-2017-6077

PATCH

title: Top Page, url: http://www.netgear.com/

Trust: 0.8

sources: JVNDB: JVNDB-2017-001693

EXTERNAL IDS

db: NVD, id: CVE-2017-6077

Trust: 3.5

db: EXPLOIT-DB, id: 41394

Trust: 3.2

db: BID, id: 96408

Trust: 2.1

db: JVNDB, id: JVNDB-2017-001693

Trust: 0.8

db: CNNVD, id: CNNVD-201702-616

Trust: 0.7

db: EXPLOITDB, id: 41394

Trust: 0.6

db: CNVD, id: CNVD-2017-02455

Trust: 0.6

db: PACKETSTORM, id: 141209

Trust: 0.1

db: VULHUB, id: VHN-114280

Trust: 0.1

db: VULMON, id: CVE-2017-6077

Trust: 0.1

sources: CNVD: CNVD-2017-02455 // VULHUB: VHN-114280 // VULMON: CVE-2017-6077 // BID: 96408 // JVNDB: JVNDB-2017-001693 // NVD: CVE-2017-6077 // CNNVD: CNNVD-201702-616

REFERENCES

url:https://www.exploit-db.com/exploits/41394/

Trust: 3.3

url:http://www.securityfocus.com/bid/96408

Trust: 1.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6077

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-6077

Trust: 0.8

url:http://www.netgear.com

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2017-02455 // VULHUB: VHN-114280 // VULMON: CVE-2017-6077 // BID: 96408 // JVNDB: JVNDB-2017-001693 // NVD: CVE-2017-6077 // CNNVD: CNNVD-201702-616

CREDITS

SivertPL

Trust: 0.3

sources: BID: 96408

SOURCES

db: CNVD, id: CNVD-2017-02455
db: VULHUB, id: VHN-114280
db: VULMON, id: CVE-2017-6077
db: BID, id: 96408
db: JVNDB, id: JVNDB-2017-001693
db: NVD, id: CVE-2017-6077
db: CNNVD, id: CNNVD-201702-616

LAST UPDATE DATE

2023-12-18T12:20:02.864000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-02455, date: 2017-03-06T00:00:00
db: VULHUB, id: VHN-114280, date: 2017-03-02T00:00:00
db: VULMON, id: CVE-2017-6077, date: 2017-03-02T00:00:00
db: BID, id: 96408, date: 2017-03-07T03:08:00
db: JVNDB, id: JVNDB-2017-001693, date: 2017-03-14T00:00:00
db: NVD, id: CVE-2017-6077, date: 2017-03-02T02:59:02.710
db: CNNVD, id: CNNVD-201702-616, date: 2017-02-23T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-02455, date: 2017-03-06T00:00:00
db: VULHUB, id: VHN-114280, date: 2017-02-22T00:00:00
db: VULMON, id: CVE-2017-6077, date: 2017-02-22T00:00:00
db: BID, id: 96408, date: 2017-02-22T00:00:00
db: JVNDB, id: JVNDB-2017-001693, date: 2017-03-14T00:00:00
db: NVD, id: CVE-2017-6077, date: 2017-02-22T23:59:00.190
db: CNNVD, id: CNNVD-201702-616, date: 2017-02-20T00:00:00