CVE-2023-33533
Summary
| CVE | CVE-2023-33533 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-06-06 14:15:00 UTC |
| Updated | 2023-06-14 20:41:00 UTC |
| Description | Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the POST request parameters, gaining shell privileges. |
Risk And Classification
Problem Types: CWE-77
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Netgear | D6220 | - | All | All | All |
| Operating System | Netgear | D6220 Firmware | 1.0.0.80 | All | All | All |
| Hardware | Netgear | D8500 | - | All | All | All |
| Operating System | Netgear | D8500 Firmware | 1.0.3.60 | All | All | All |
| Hardware | Netgear | R6700 | - | All | All | All |
| Operating System | Netgear | R6700 Firmware | 1.0.2.26 | All | All | All |
| Hardware | Netgear | R6900 | - | All | All | All |
| Operating System | Netgear | R6900 Firmware | 1.0.2.26 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE/Netgear_RCE.pdf at main · D2y6p/CVE · GitHub | MISC | github.com | |
| www.netgear.com/about/security | MISC | www.netgear.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.