Cybersecurity specialists reported the detection of a severe vulnerability in the dgn2200v1 routers, developed by the technology firm Netgear. According to the report, successful exploitation of this vulnerability would allow threat actors to deploy serious arbitrary command execution attacks.
The investigation suggests that the vulnerability exists due to incorrect input validation in the dnslookup.cgi parameter, which can be abused by unauthenticated remote threat actors to pass specially crafted data and execute arbitrary commands on the compromised system.
This vulnerability received a score of 8.5/10 according to the Common Vulnerability Scoring System (CVSS) and its successful exploitation would allow the total commitment of the target system. It should be mentioned that the flaw does not yet receive a CVE tracking key.
This flaw resides in all versions of DGN2200v1 earlier than 22.214.171.124.
Although the vulnerability could be exploited remotely by unauthenticated threat actors, cybersecurity experts point out that so far no active exploitation attempts or the existence of a malware variant associated with the attack have been detected.
Security patches to address the vulnerability are now available, so Netgear recommends administrators of vulnerable devices update as soon as possible.
To learn more about cybersecurity risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.