Summary
This host is a NetGear DGN2200 N300 Wireless Router and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow an attacker to execute arbitrary commands, gain access to arbitrary files, and manipulate the device's settings.
Impact Level: System/Application
Solution
The vendor has discontinued this product, and therefore has no patch or upgrade that mitigates this problem. It is recommended that an alternate software package be used in its place.
Insight
The flaws are due to:
- The FTP server not properly sanitizing user input, specifically absolute paths.
- The program not allowing users to completely disable the Wi-Fi Protected Setup (WPS) functionality.
- The web interface attempting to find new firmware on an FTP server every time an administrator logs in.
- The UPnP interface not requiring multiple steps, explicit confirmation, or a unique token for HTTP requests to /Public_UPNP_C3 that perform certain sensitive actions.
- Input passed via the 'ping_IPAddr' parameter not being properly sanitized upon submission to the /ping.cgi script.
- Input passed via the 'hostname' parameter not being properly sanitized upon submission to the /dnslookup.cgi script.
- The program storing password information in plaintext in /etc/passwd.
Affected
NetGear DGN2200 N300 Wireless Router Firmware Version 1.0.0.36-7.0.37
Detection
Send an HTTP GET request to a restricted page and check whether the page can be accessed.
References
- http://packetstormsecurity.com/files/125184
- http://seclists.org/fulldisclosure/2014/Feb/104
- http://www.exploit-db.com/exploits/31617
- http://www.osvdb.com/103226
- http://www.osvdb.com/103227
- http://www.osvdb.com/103228
- http://www.osvdb.com/103229
- http://www.osvdb.com/103231
- http://www.osvdb.com/103232
Updated on 2017-03-28