← Back

CVE-2023-33533

nvd nist
Published: Jun 6, 2023Modified: Jan 8, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the post request parameters, gaining shell privileges.

Affected (4)

Netgear
4 products
D6220 Firmware
D8500 Firmware
R6700 Firmware
R6900 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
D6220 Firmware
Version 1.0.0.80
Running on/withPlatform Versions
Netgear
D6220
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
D8500 Firmware
Version 1.0.3.60
Running on/withPlatform Versions
Netgear
D8500
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6700 Firmware
Version 1.0.2.26
Running on/withPlatform Versions
Netgear
R6700
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6900 Firmware
Version 1.0.2.26
Running on/withPlatform Versions
Netgear
R6900
All versions

Related CWEs

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (4)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.