Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. NOTE: this issue can be combined with CVE-2017-6334 to execute arbitrary code remotely.
Advisories
Source ID Title
EUVD EUVD EUVD-2017-15427 Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. NOTE: this issue can be combined with CVE-2017-6334 to execute arbitrary code remotely.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T15:25:49.185Z

Reserved: 2017-02-28T00:00:00

Link: CVE-2017-6366

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2017-03-15T14:59:00.853

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-6366

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.