Critical severity9.8NVD Advisory· Published Jul 24, 2017· Updated May 13, 2026

CVE-2017-11588

Description

On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command execution via shell metacharacters in the pingAddr parameter to the waitPingqry.cgi URI. The command output is visible at /PingMsg.cmd.

Affected products

Cisco Systems, Inc./Residential Gateway Firmware2 versions
cpe:2.3:o:cisco:residential_gateway_firmware:ddr2200b-na-annexa-fcc-v00.00.03.45.4e:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:cisco:residential_gateway_firmware:ddr2200b-na-annexa-fcc-v00.00.03.45.4e:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:residential_gateway_firmware:ddr2201v1-na-annexa-fcc-v00.00.03.28.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2017/Jul/26nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/99963nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000