CVE-2017-6077
Published: 22 February 2017
Summary
CVE-2017-6077 is a critical-severity OS Command Injection (CWE-78) vulnerability in NETGEAR DGN2200 firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 0.7% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2017-6077 is an OS command injection vulnerability (CWE-78) affecting the ping.cgi script on NETGEAR DGN2200 devices running firmware up to version 10.0.0.50. The flaw resides in the handling of the ping_IPAddr parameter within an HTTP POST request, where unsanitized input containing shell metacharacters is passed directly to the underlying operating system.
Remote authenticated users can exploit the issue over the network by submitting a crafted POST request to ping.cgi. Successful exploitation grants arbitrary command execution on the device, enabling full control over confidentiality, integrity, and availability with no user interaction required, as reflected in its CVSS 3.1 base score of 9.8.
Public references include Exploit-DB entries demonstrating working proof-of-concept code and a SecurityFocus advisory. The vulnerability is also listed in the CISA Known Exploited Vulnerabilities catalog, confirming observed real-world exploitation. No vendor patch details are provided in the referenced sources.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-15144
Vulnerability details
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.
- CWE(s): CWE-78 (OS Command Injection)
- KEV Date Added: 07 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation of the ping_IPAddr input field to reject shell metacharacters before they reach the OS, blocking the command injection in ping.cgi.
- Disabling or restricting the ping.cgi script and related network diagnostic functions that are not required eliminates the vulnerable code path.
- AC-6 (Least Privilege): limits the privileges of the web-server process handling POST requests so that even a successful injection cannot achieve arbitrary OS command execution with full device control.
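The following is an added illustration, not NETGEAR firmware code and not code from this page, of what the SI-10 control looks like in a C CGI handler for the ping_IPAddr parameter: the value is allow-listed as a dotted-quad IPv4 address and ping is started with execvp rather than through a shell, so metacharacters are never interpreted. The names valid_ping_target and run_ping are hypothetical; the internals of the real ping.cgi are not published here.

```c
/* Added example: SI-10 input validation for a ping CGI parameter.
 * Hypothetical helpers, not the vendor's ping.cgi. */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allow-list check: accept only a syntactically valid dotted-quad IPv4
 * address. Anything else, including shell metacharacters such as ';',
 * '|', '`' or '$', is rejected before it could reach a shell. */
int valid_ping_target(const char *s)
{
    struct in_addr a;
    if (s == NULL || strlen(s) > 15)   /* "255.255.255.255" is 15 chars */
        return 0;
    return inet_pton(AF_INET, s, &a) == 1;
}

/* Run ping without a shell: the target is a single argv element, so no
 * command string is ever parsed. Returns ping's exit status, or -1 if the
 * target was rejected, fork failed, or the child could not exec. */
int run_ping(const char *target)
{
    if (!valid_ping_target(target))
        return -1;
    char *const argv[] = { "ping", "-c", "3", (char *)target, NULL };
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp("ping", argv);
        _exit(127);                    /* exec failed in the child */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample inputs: one valid address, two with metacharacters. */
    const char *inputs[] = { "192.0.2.1", "192.0.2.1;x", "192.0.2.1|x" };
    for (size_t i = 0; i < 3; i++)
        printf("%-14s -> %s\n", inputs[i],
               valid_ping_target(inputs[i]) ? "accepted" : "rejected");
    return 0;
}
```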