CVE-2023-33532

There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges.

Published: Jun 6, 2023
Updated: Jun 13, 2023
CVE: CVE-2023-33532
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
netgear / r6250_firmware	1.0.4.48	1.0.4.48.x

http://netgear.com
https://github.com/D2y6p/CVE/blob/main/Netgear/CVE-2023-33532/Netgear_R6250_RCE.pdf

Vulnerability Database

289,697

CVE-2023-33532