Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76.

Related CPE's

o

netgear

xr450_firmware

Vulnerable

h

netgear

xr450

-

o

netgear

xr500_firmware

Vulnerable

h

netgear

xr500

-

o

netgear

wnr2000v5_firmware

Vulnerable

h

netgear

wnr2000v5

-

References

https://kb.netgear.com/000063023/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2020-0595

Vendor Advisory

https://kb.netgear.com/000063023/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2020-0595

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-77

CVSS impact metrics

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

7.3 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-03-23T06:15:13.390Z

4 years ago

Last modified

2024-11-21T05:00:38.587Z

1 year ago