vendor:
DGN2200B
by:
N/A
7,5
CVSS
HIGH
OS Command Injection
78
CWE
Product Name: DGN2200B
Affected Version From: V1.0.0.36_7.0.36
Affected Version To: V1.0.0.36_7.0.36
Patch Exists: YES
Related CWE: N/A
CPE: h:netgear:dgn2200b
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011
OS Command Injection in the PPOE configuration
The vulnerability is caused by missing input validation in the pppoe_username parameter and can be exploited to inject and execute arbitrary shell commands. It is possible to upload and execute a backdoor to compromise the device.
Mitigation:
Input validation should be implemented to prevent OS command injection attacks.
