CVE-2023-33532: Command Injection
First published: Tue Jun 06 2023(Updated: )
There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| netgear R6250 Firmware | =1.0.4.48 | |
| NETGEAR R6250 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-33532?
CVE-2023-33532 is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48.
How severe is CVE-2023-33532?
CVE-2023-33532 has a severity rating of 9.8 (critical).
How does CVE-2023-33532 affect the Netgear R6250 router?
CVE-2023-33532 allows an attacker with web management privileges to inject commands into post request parameters, thereby gaining shell privileges on the router.
Which version of the Netgear R6250 firmware is affected by CVE-2023-33532?
CVE-2023-33532 affects Netgear R6250 firmware version 1.0.4.48.
Is the Netgear R6250 router itself vulnerable to CVE-2023-33532?
No, the Netgear R6250 router itself is not vulnerable to CVE-2023-33532.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/netgear
- canonical/netgear r6250 firmware
- version/netgear r6250 firmware/1.0.4.48
- canonical/netgear r6250