CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
39.7%
Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the post request parameters, gaining shell privileges.
Vendor | Product | Version | CPE |
---|---|---|---|
netgear | d6220_firmware | 1.0.0.80 | cpe:2.3:o:netgear:d6220_firmware:1.0.0.80:*:*:*:*:*:*:* |
netgear | d6220 | - | cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:* |
netgear | d8500_firmware | 1.0.3.60 | cpe:2.3:o:netgear:d8500_firmware:1.0.3.60:*:*:*:*:*:*:* |
netgear | d8500 | - | cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:* |
netgear | r6700_firmware | 1.0.2.26 | cpe:2.3:o:netgear:r6700_firmware:1.0.2.26:*:*:*:*:*:*:* |
netgear | r6700 | - | cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:* |
netgear | r6900_firmware | 1.0.2.26 | cpe:2.3:o:netgear:r6900_firmware:1.0.2.26:*:*:*:*:*:*:* |
netgear | r6900 | - | cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
39.7%