#VU10440 OS command injection in NETGEAR products
Published: February 9, 2018
Vulnerability identifier: #VU10440
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-78
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
R6100
D7800
EX6200v2
R7800
R7500v2
R7500
Software vendor:
NETGEAR
Description
The vulnerability allows a local root-privileged attacker to execute shell commands on the target system.
The weakness exists due to post-authentication command injection. A local attacker can inject and execute arbitrary commands with root privileges during the short time window when WPS is activated.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update to the latest version.