CVE-2023-33532

Published: Jun 6, 2023Modified: Jan 8, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges.

Affected (1)

Products: Netgear: R6250 Firmware

Netgear

1 product

R6250 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6250 Firmware	Version 1.0.4.48

Running on/with	Platform Versions
Netgear R6250	All versions

Related CWEs

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (4)

http://netgear.com

Source: cve@mitre.org

Product

https://github.com/D2y6p/CVE/blob/main/Netgear/CVE-2023-33532/Netgear_R6250_RCE.pdf

Source: cve@mitre.org

ExploitThird Party Advisory

http://netgear.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://github.com/D2y6p/CVE/blob/main/Netgear/CVE-2023-33532/Netgear_R6250_RCE.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.