The vulnerability of the upgrade_handler() functions in the microprogramming software for Netgear WG302v2 and Netgear WAG302v2 allows a hacker to execute arbitrary commands.

The vulnerability of the upgradehandler function in Netgear WG302v2 and Netgear WAG302v2 routers lies in the lack of measures to neutralize special elements during the processing of parameters firmwareRestore and firmwareServerip. Exploiting this vulnerability allows a remote attacker to execute...

CVE-2023-38921

Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgradehandler function via the firmwareRestore and firmwareServerip parameters...