NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device.
CVSS Score
6.8
EPSS Score
0.003
Published
2023-03-10
The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device.
CVSS Score
7.8
EPSS Score
0.004
Published
2022-12-16
A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means.
CVSS Score
8.8
EPSS Score
0.005
Published
2022-12-16
Page 4