Command injection

2020-04-1619:15:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

CPENameOperatorVersion
d3600_firmwarelt1.0.0.76
d6000_firmwarelt1.0.0.76
xr500_firmwarelt2.3.2.32

Name	Operator	Version
d3600_firmware	lt	1.0.0.76
d6000_firmware	lt	1.0.0.76
xr500_firmware	lt	2.3.2.32

References

kb.netgear.com/000061220/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2018-0339