Command Injection in R6700v3 and R6400v2 - #VU70064

 

Command Injection in R6700v3 and R6400v2 - #VU70064

Published: December 8, 2022


Vulnerability identifier: #VU70064
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-77
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: NETGEAR
Affected software:
R6700v3
R6400v2

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote attacker on the local network can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install updates from vendor's website.

Sources