History: Jun 06, 2023 - 2:15 p.m.

CVE-2023-33533

2023-06-06 14:15:12
CWE-77
mitre
web.nvd.nist.gov
netgear
d6220
d8500
r6700
r6900
firmware
vulnerability
command injection
nvd

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.8
Confidence: High

EPSS: 0.001
Percentile: 39.7%

Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the POST request parameters, thereby gaining shell privileges.

Affected configurations

Nvd

Node
netgear d6220_firmware Match 1.0.0.80
AND
netgear d6220 Match -

Node
netgear d8500_firmware Match 1.0.3.60
AND
netgear d8500 Match -

Node
netgear r6700_firmware Match 1.0.2.26
AND
netgear r6700 Match -

Node
netgear r6900_firmware Match 1.0.2.26
AND
netgear r6900 Match -

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| netgear | d6220_firmware | 1.0.0.80 | cpe:2.3:o:netgear:d6220_firmware:1.0.0.80:*:*:*:*:*:*:* |
| netgear | d6220 | - | cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:* |
| netgear | d8500_firmware | 1.0.3.60 | cpe:2.3:o:netgear:d8500_firmware:1.0.3.60:*:*:*:*:*:*:* |
| netgear | d8500 | - | cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:* |
| netgear | r6700_firmware | 1.0.2.26 | cpe:2.3:o:netgear:r6700_firmware:1.0.2.26:*:*:*:*:*:*:* |
| netgear | r6700 | - | cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:* |
| netgear | r6900_firmware | 1.0.2.26 | cpe:2.3:o:netgear:r6900_firmware:1.0.2.26:*:*:*:*:*:*:* |
| netgear | r6900 | - | cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:* |
