Vulnerability Description
Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the POST request parameters, gaining shell privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | D6220 Firmware | 1.0.0.80 |
| Netgear | D6220 | - |
| Netgear | D8500 Firmware | 1.0.3.60 |
| Netgear | D8500 | - |
| Netgear | R6700 Firmware | 1.0.2.26 |
| Netgear | R6700 | - |
| Netgear | R6900 Firmware | 1.0.2.26 |
| Netgear | R6900 | - |
Related Weaknesses (CWE)
References
- https://github.com/D2y6p/CVE/blob/main/Netgear/CVE-2023-33533/Netgear_RCE.pdf (Exploit, Third Party Advisory)
- https://www.netgear.com/about/security/ (Vendor Advisory)
FAQ
What is CVE-2023-33533?
CVE-2023-33533 is a vulnerability with a CVSS score of 8.8 (HIGH). Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. ...
How severe is CVE-2023-33533?
CVE-2023-33533 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-33533?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear D6220 Firmware, Netgear D6220, Netgear D8500 Firmware, Netgear D8500, Netgear R6700 Firmware.