#VU70577 OS Command Injection in NETGEAR products
Published: January 2, 2023
Vulnerability identifier: #VU70577
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
RBK852
RBR850
RBS850
RBK752
RBR750
RBS750
RAX200
RAX75
RAX80
MK83
MR80
MS80
RAX45
RAX50
RAX43
RAX40v2
RAX35v2
LAX20
RAX15
RAX20
MK62
MR60
MS60
CBR750
CBR40
R8000P
R7960P
R7000P
XR1000
RS400
Software vendor:
NETGEAR
Description
The vulnerability allows a remote user to execute arbitrary shell commands on the device.
The vulnerability exists due to improper input validation. A remote authenticated user can send specially crafted data to the application and execute arbitrary OS commands on the device.
Remediation
Install updates from the vendor's website.