Sign-up

ID

VAR-201703-1017


CVE

CVE-2017-6334


TITLE

NETGEAR DGN2200 Device firmware dnslookup.cgi In any OS Command execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-002116

DESCRIPTION

dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077. NETGEAR DGN2200 Device firmware dnslookup.cgi Any OS A command execution vulnerability exists. The NETGEARDGN2200 is an ADSL router device. Green Shop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. NETGEAR DGN2200 is a wireless router product of NETGEAR

Trust: 2.88

sources: NVD: CVE-2017-6334 // JVNDB: JVNDB-2017-002116 // CNVD: CNVD-2017-02591 // BID: 41425 // BID: 96463 // VULHUB: VHN-114537 // VULMON: CVE-2017-6334

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-02591

AFFECTED PRODUCTS

vendor:netgearmodel:dgn2200 seriesscope:lteversion:10.0.0.50

Trust: 1.0

vendor:net gearmodel:dgn2200scope:lteversion:10.0.0.50

Trust: 0.8

vendor:net gearmodel:netgear dgn2200v1scope: - version: -

Trust: 0.8

vendor:net gearmodel:netgear dgn2200v2scope: - version: -

Trust: 0.8

vendor:net gearmodel:netgear dgn2200v3scope: - version: -

Trust: 0.8

vendor:net gearmodel:netgear dgn2200v4scope: - version: -

Trust: 0.8

vendor:netgearmodel:dgn2200scope:eqversion:10.0.0.20

Trust: 0.6

vendor:netgearmodel:dgn2200 seriesscope:eqversion:10.0.0.50

Trust: 0.6

vendor:greenmodel:shop green shopscope:eqversion:0

Trust: 0.3

vendor:netgearmodel:dgn2200v4scope:eqversion:0

Trust: 0.3

vendor:netgearmodel:dgn2200v3scope:eqversion:0

Trust: 0.3

vendor:netgearmodel:dgn2200v2scope:eqversion:0

Trust: 0.3

vendor:netgearmodel:dgn2200v1scope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2017-02591 // BID: 41425 // BID: 96463 // JVNDB: JVNDB-2017-002116 // CNNVD: CNNVD-201702-862 // NVD: CVE-2017-6334

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6334
value: HIGH

Trust: 1.0

NVD: CVE-2017-6334
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-02591
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201702-862
value: HIGH

Trust: 0.6

VULHUB: VHN-114537
value: HIGH

Trust: 0.1

VULMON: CVE-2017-6334
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6334
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-02591
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114537
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6334
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2017-6334
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-02591 // VULHUB: VHN-114537 // VULMON: CVE-2017-6334 // JVNDB: JVNDB-2017-002116 // CNNVD: CNNVD-201702-862 // NVD: CVE-2017-6334

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-114537 // JVNDB: JVNDB-2017-002116 // NVD: CVE-2017-6334

THREAT TYPE

network

Trust: 0.6

sources: BID: 41425 // BID: 96463

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201702-862

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-002116

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-114537 // 
            
            
            
            VULMON: CVE-2017-6334

PATCH
title:Top Pageurl:http://www.netgear.com/?cid=wmt_netgear_organic
Trust: 0.8
title:NETGEARDGN2200 remote code execution vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/90369
Trust: 0.6
title:Dear Diary,url:https://github.com/ker2x/DearDiary 
Trust: 0.1
title:Known Exploited Vulnerabilities Detectorurl:https://github.com/Ostorlab/KEV 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-02591 // 
            
            
            
            VULMON: CVE-2017-6334 // 
            
            
            
            JVNDB: JVNDB-2017-002116

EXTERNAL IDS
db:NVDid:CVE-2017-6334
Trust: 3.5
db:BIDid:96463
Trust: 3.5
db:EXPLOIT-DBid:41472
Trust: 2.4
db:EXPLOIT-DBid:42257
Trust: 1.8
db:EXPLOIT-DBid:41459
Trust: 1.8
db:BIDid:41425
Trust: 0.9
db:JVNDBid:JVNDB-2017-002116
Trust: 0.8
db:CNNVDid:CNNVD-201702-862
Trust: 0.7
db:CNVDid:CNVD-2017-02591
Trust: 0.6
db:EXPLOIT-DBid:14259
Trust: 0.3
db:PACKETSTORMid:143128
Trust: 0.1
db:PACKETSTORMid:141337
Trust: 0.1
db:VULHUBid:VHN-114537
Trust: 0.1
db:VULMONid:CVE-2017-6334
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-02591 // 
            
            
            
            VULHUB: VHN-114537 // 
            
            
            
            VULMON: CVE-2017-6334 // 
            
            
            
            BID: 41425 // 
            
            
            
            BID: 96463 // 
            
            
            
            JVNDB: JVNDB-2017-002116 // 
            
            
            
            CNNVD: CNNVD-201702-862 // 
            
            
            
            NVD: CVE-2017-6334

REFERENCES
url:http://www.securityfocus.com/bid/96463
Trust: 3.2
url:https://www.exploit-db.com/exploits/41472/
Trust: 2.4
url:https://www.exploit-db.com/exploits/41459/
Trust: 1.9
url:https://www.exploit-db.com/exploits/42257/
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6334
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-6334
Trust: 0.8
url:http://www.exploit-db.com/exploits/14259/
Trust: 0.3
url:http://www.netgear.com
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/78.html
Trust: 0.1
url:https://tools.cisco.com/security/center/viewalert.x?alertid=53033
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.rapid7.com/db/modules/exploit/linux/http/netgear_dnslookup_cmd_exec
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-02591 // 
            
            
            
            VULHUB: VHN-114537 // 
            
            
            
            VULMON: CVE-2017-6334 // 
            
            
            
            BID: 41425 // 
            
            
            
            BID: 96463 // 
            
            
            
            JVNDB: JVNDB-2017-002116 // 
            
            
            
            CNNVD: CNNVD-201702-862 // 
            
            
            
            NVD: CVE-2017-6334

CREDITS
PrinceofHacking
Trust: 0.3
sources:
            
            
            BID: 41425

SOURCES
db:CNVDid:CNVD-2017-02591
db:VULHUBid:VHN-114537
db:VULMONid:CVE-2017-6334
db:BIDid:41425
db:BIDid:96463
db:JVNDBid:JVNDB-2017-002116
db:CNNVDid:CNNVD-201702-862
db:NVDid:CVE-2017-6334

LAST UPDATE DATE
2024-08-14T14:13:33.444000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-02591date:2017-03-10T00:00:00
db:VULHUBid:VHN-114537date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-6334date:2019-10-03T00:00:00
db:BIDid:41425date:2010-07-07T00:00:00
db:BIDid:96463date:2017-03-07T01:08:00
db:JVNDBid:JVNDB-2017-002116date:2017-03-29T00:00:00
db:CNNVDid:CNNVD-201702-862date:2019-10-23T00:00:00
db:NVDid:CVE-2017-6334date:2024-07-16T17:55:52.600

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-02591date:2017-03-10T00:00:00
db:VULHUBid:VHN-114537date:2017-03-06T00:00:00
db:VULMONid:CVE-2017-6334date:2017-03-06T00:00:00
db:BIDid:41425date:2010-07-07T00:00:00
db:BIDid:96463date:2017-02-26T00:00:00
db:JVNDBid:JVNDB-2017-002116date:2017-03-29T00:00:00
db:CNNVDid:CNNVD-201702-862date:2017-02-27T00:00:00
db:NVDid:CVE-2017-6334date:2017-03-06T02:59:00.433