CVE-2023-33533

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-33533
Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the post request parameters, gaining shell privileges.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/D2y6p/CVE/blob/main/Netgear/CVE-2023-33533/Netgear_RCE.pdf Exploit Third Party Advisory
https://www.netgear.com/about/security/ Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:d6220_firmware:1.0.0.80:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netgear:d8500_firmware:1.0.3.60:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netgear:r6700_firmware:1.0.2.26:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netgear:r6900_firmware:1.0.2.26:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*
History

14 Jun 2023, 20:41

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
First Time Netgear r6900
Netgear
Netgear r6700
Netgear d8500
Netgear r6900 Firmware
Netgear d6220 Firmware
Netgear d8500 Firmware
Netgear d6220
Netgear r6700 Firmware
CPE cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6900_firmware:1.0.2.26:*:*:*:*:*:*:*
cpe:2.3:o:netgear:d8500_firmware:1.0.3.60:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6700_firmware:1.0.2.26:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:d6220_firmware:1.0.0.80:*:*:*:*:*:*:*
References (MISC) https://www.netgear.com/about/security/ - (MISC) https://www.netgear.com/about/security/ - Vendor Advisory
References (MISC) https://github.com/D2y6p/CVE/blob/main/Netgear/CVE-2023-33533/Netgear_RCE.pdf - (MISC) https://github.com/D2y6p/CVE/blob/main/Netgear/CVE-2023-33533/Netgear_RCE.pdf - Exploit, Third Party Advisory
CWE CWE-77

06 Jun 2023, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-06-06 14:15

Updated : 2024-02-28 20:13

NVD link : CVE-2023-33533

Mitre link : CVE-2023-33533

CVE.ORG link : CVE-2023-33533

JSON object : View

Products Affected

netgear

  • r6900
  • r6700
  • r6700_firmware
  • d8500_firmware
  • d8500
  • d6220_firmware
  • r6900_firmware
  • d6220
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')