Command Injection in NETGEAR products - #VU73748

 


Published: March 16, 2023


Vulnerability identifier: #VU73748
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-77
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
CBR750
EAX20
EAX80
EX3700
EX3800
EX6120
EX6130
EX7000
LAX20
MK62
MR60
MS60
MK83
MR80
MS80
RBW30
R8000P
RAX15
RAX20
RAX200
RAX45
RAX50
RAX43
RAX40v2
RAX38v2
RAX35v2
RAX75
RAX80
RBK752
RBR750
RBS750
RBK852
RBR850
RBS850
R6400
R6400v2
R7000
R7000P
RS400
XR1000
Software vendor:
NETGEAR

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote unauthenticated attacker on the local network can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


Remediation

Install updates from the vendor's website.
