CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-38921

Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.019

EPSS Ranking 82.3%

CVSS Severity

CVSS v3 Score 8.8

References

https://github.com/FirmRec/IoT-Vulns/tree/main/netgear/upgrade_handler
https://www.netgear.com/about/security/
https://github.com/FirmRec/IoT-Vulns/tree/main/netgear/upgrade_handler
https://www.netgear.com/about/security/

Products affected by CVE-2023-38921

Netgear » Wag302v2 » Version: N/A

cpe:2.3:h:netgear:wag302v2:-
Netgear » Wg302v2 » Version: N/A

cpe:2.3:h:netgear:wg302v2:-
Netgear » Wag302v2 Firmware » Version: 5.1.19

cpe:2.3:o:netgear:wag302v2_firmware:5.1.19
Netgear » Wg302v2 Firmware » Version: 5.2.9

cpe:2.3:o:netgear:wg302v2_firmware:5.2.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-38921

Products

Pricing

Contact Us