CVE-2017-6366

Published: Mar 15, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. NOTE: this issue can be combined with CVE-2017-6334 to execute arbitrary code remotely.

Affected (1)

Products: Netgear: Dgn2200 Firmware

1 product

Dgn2200 Firmware

Configuration A

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Netgear Dgn2200 Firmware	Up to 10.0.0.50

Running on/with	Platform Versions
Netgear Dgn2200v1	All versions
Netgear Dgn2200v2	All versions
Netgear Dgn2200v3	All versions
Netgear Dgn2200v4	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://www.exploit-db.com/exploits/41472/

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/41472/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.