CVE-2023-33532

CWE-77: Command Injection
3 documents, 3 sources
Severity: 9.8 CRITICAL
EPSS: 27.4% (top 3.59%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Jun 6

Description

There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the POST request parameters, thereby gaining shell privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 1 package

Vulnerability Details (2)

GHSA
GHSA-m27w-5xf6-x4r2: There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1 (2023-06-06)

CVEList
CVE-2023-33532: There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1 (2023-06-06)