CVE-2017-11588

CVE Database · CVE-2017-11588

CVE-2017-11588

· N/AModified

CVSS v3.1

N/A

EPSS

4.16%

Published

Jul 23, 2017

Modified

May 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command execution via shell metacharacters in the pingAddr parameter to the waitPingqry.cgi URI. The command output is visible at /PingMsg.cmd.

Weaknesses (CWE)

CWE-78

Affected Products (3)

cisco · residential_gateway_firmwarevulnerable

cisco · residential_gateway

References (4)

http://seclists.org/fulldisclosure/2017/Jul/26

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/99963

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2017/Jul/26

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/99963

Third Party AdvisoryVDB Entry

KEV Catalog EPSS Scores Vendors All CVEs