NETGEAR DGN2200v1/v2/v3/v4 – 'ping.cgi' Remote Command Execution

Posted by Kroppoloe on Feb 21

# Exploit Title: NETGEAR Firmware DGN2200v1/v2/v3/v4 NON-ADMIN AUTHENTICATED RCE
# Date: 2017-02-18
# Exploit Author: SivertPL
# Vendor Homepage: http://netgear.com/
# Software Link: http://www.downloads.netgear.com/files/GDC/DGN2200/DGN2200%20Firmware%20Version%201.0.0.20%20-%20Initial%20Release%20(NA).zip
# Version: 10.0.0.20 (initial) – 10.0.0.50 (latest, still 0-day!)
# Tested on: DGN2200v1,v2,v3,v4

There’s a pretty nice command…
