Vulnerability Details CVE-2023-33533
Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the post request parameters, gaining shell privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.068
EPSS Ranking 90.8%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2023-33533
-
cpe:2.3:h:netgear:d6220:-
-
cpe:2.3:h:netgear:d8500:-
-
cpe:2.3:h:netgear:r6700:-
-
cpe:2.3:h:netgear:r6900:-
-
cpe:2.3:o:netgear:d6220_firmware:1.0.0.80
-
cpe:2.3:o:netgear:d8500_firmware:1.0.3.60
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.26
-
cpe:2.3:o:netgear:r6900_firmware:1.0.2.26