TROYANOSYVIRUS
Volver a CVEs

CVE-2023-33532

CRITICAL
9.8

Descripcion

There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges.

Detalles CVE

Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado6/6/2023
Ultima modificacion1/8/2025
Fuentenvd
Avistamientos honeypot0

Productos afectados

netgear:r6250netgear:r6250_firmware

Debilidades (CWE)

CWE-77CWE-77

Referencias

http://netgear.com(cve@mitre.org)
https://github.com/D2y6p/CVE/blob/main/Netgear/CVE-2023-33532/Netgear_R6250_RCE.pdf(cve@mitre.org)
http://netgear.com(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/D2y6p/CVE/blob/main/Netgear/CVE-2023-33532/Netgear_R6250_RCE.pdf(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.