Command Injection Vulnerability in Netgear R6250 Router
CVE-2023-33532

9.8CRITICAL

Key Information:

Vendor: Netgear
Status: R6250 Firmware
Vendor: CVE Published:; 6 June 2023

Summary

The Netgear R6250 router is susceptible to a command injection vulnerability in its web management interface. This flaw allows authenticated attackers to inject arbitrary commands into the post request parameters, ultimately granting them shell access. Users and administrators of the affected firmware version must take immediate action to secure their devices and mitigate potential exploitation risks. For further details, refer to the official documentation and updates provided by the vendor.

References

http://netgear.com

https://github.com/D2y6p/CVE/blob/main/Netgear/CVE-2023-3...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 6, 2023
Vulnerability Reserved
May 22, 2023