Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76.

Related CPE's

o

netgear

xr450_firmware

Vulnerable

h

netgear

xr450

-

o

netgear

xr500_firmware

Vulnerable

h

netgear

xr500

-

o

netgear

wnr2000v5_firmware

Vulnerable

h

netgear

wnr2000v5

-

References

https://kb.netgear.com/000063023/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2020-0595

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-77

CVSS impact metrics

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

8.4 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-03-23T07:15:13.390

4 years ago

Last modified

2021-03-26T14:13:18.217

4 years ago