CVE-2023-33532

9.8CRITICAL

Key Information

Vendor: Netgear
Status: R6250 Firmware
Vendor: CVE Published:; 6 June 2023

Summary

There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jun 6, 2023
Vulnerability Reserved.
May 22, 2023

Collectors

NVD DatabaseMitre Database