CVE-2023-33533

Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the post request parameters, gaining shell privileges.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:d6220_firmware:1.0.0.80:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netgear:d8500_firmware:1.0.3.60:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netgear:r6700_firmware:1.0.2.26:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netgear:r6900_firmware:1.0.2.26:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*

History

14 Jun 2023, 20:41

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CPE cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:d8500_firmware:1.0.3.60:*:*:*:*:*:*:*
cpe:2.3:o:netgear:d6220_firmware:1.0.0.80:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6700_firmware:1.0.2.26:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6900_firmware:1.0.2.26:*:*:*:*:*:*:*
CWE CWE-77
First Time Netgear r6700
Netgear
Netgear r6900
Netgear r6700 Firmware
Netgear d8500
Netgear d8500 Firmware
Netgear r6900 Firmware
Netgear d6220 Firmware
Netgear d6220
References (MISC) https://www.netgear.com/about/security/ - (MISC) https://www.netgear.com/about/security/ - Vendor Advisory
References (MISC) https://github.com/D2y6p/CVE/blob/main/Netgear/CVE-2023-33533/Netgear_RCE.pdf - (MISC) https://github.com/D2y6p/CVE/blob/main/Netgear/CVE-2023-33533/Netgear_RCE.pdf - Exploit, Third Party Advisory

06 Jun 2023, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-06 14:15

Updated : 2023-12-10 15:01


NVD link : CVE-2023-33533

Mitre link : CVE-2023-33533

CVE.ORG link : CVE-2023-33533


JSON object : View

Products Affected

netgear

  • d6220
  • r6700_firmware
  • d8500
  • r6900_firmware
  • r6900
  • d8500_firmware
  • d6220_firmware
  • r6700
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')