Authenticated command execution in several NETGEAR routers

Published: 2023-01-02

Security Bulletin

This security bulletin contains one low-risk vulnerability.

1) OS Command Injection

EUVDB-ID: #VU70579

Risk: Low




Exploit availability:


The vulnerability allows a remote user to execute arbitrary shell commands on the device.

The vulnerability exists due to improper input validation. A remote authenticated user can send specially crafted data to the application and execute arbitrary OS commands on the device.


Install updates from the vendor's website.

Vulnerable software versions

RAX45: before

RAX50: before

RAX15: before

RAX20: before

RBK852: before

RBR850: before

RBS850: before

RBK752: before

RBR750: before

RBS750: before

RAX75: before

RAX80: before

RAX200: before

R8000: before

R7900: before

MK62: before

MR60: before

MS60: before

R7000P: before

R8000P: before

R7960P: before

Fixed software versions
