CVE-2023-33532

There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:r6250_firmware:1.0.4.48:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*

History

12 Jun 2023, 16:39

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-77
First Time Netgear r6250
Netgear r6250 Firmware
Netgear
CPE cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6250_firmware:1.0.4.48:*:*:*:*:*:*:*
References (MISC) https://github.com/D2y6p/CVE/blob/main/Netgear/CVE-2023-33532/Netgear_R6250_RCE.pdf - (MISC) https://github.com/D2y6p/CVE/blob/main/Netgear/CVE-2023-33532/Netgear_R6250_RCE.pdf - Exploit, Third Party Advisory
References (MISC) http://netgear.com - (MISC) http://netgear.com - Product

06 Jun 2023, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-06 14:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-33532

Mitre link : CVE-2023-33532

CVE.ORG link : CVE-2023-33532


JSON object : View

Products Affected

netgear

  • r6250_firmware
  • r6250
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')