ID

VAR-202306-0440


CVE

CVE-2023-33532


TITLE

Netgear R6250 Command Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2023-64074 // CNNVD: CNNVD-202306-369

DESCRIPTION

There is a command injection vulnerability in the Netgear R6250 router with firmware version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the POST request parameters, thereby gaining shell privileges. Netgear R6250 is a router launched by Netgear. Attackers can use this vulnerability to execute arbitrary commands and obtain host privileges.

Trust: 1.53

sources: NVD: CVE-2023-33532 // CNVD: CNVD-2023-64074 // VULMON: CVE-2023-33532

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-64074

AFFECTED PRODUCTS

vendor: netgear, model: r6250, scope: eq, version: 1.0.4.48

Trust: 1.6

sources: CNVD: CNVD-2023-64074 // NVD: CVE-2023-33532

CVSS

SEVERITY

nvd@nist.gov: CVE-2023-33532
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-33532
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2023-64074
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202306-369
value: CRITICAL

Trust: 0.6

CVSSV2

CNVD: CNVD-2023-64074
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2023-33532
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: CNVD: CNVD-2023-64074 // CNNVD: CNNVD-202306-369 // NVD: CVE-2023-33532 // NVD: CVE-2023-33532

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.0

sources: NVD: CVE-2023-33532

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202306-369

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202306-369

PATCH

title: Patch for Netgear R6250 Command Injection Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/452036

Trust: 0.6

sources: CNVD: CNVD-2023-64074

EXTERNAL IDS

db: NVD, id: CVE-2023-33532

Trust: 2.3

db: CNVD, id: CNVD-2023-64074

Trust: 0.6

db: CNNVD, id: CNNVD-202306-369

Trust: 0.6

db: VULMON, id: CVE-2023-33532

Trust: 0.1

sources: CNVD: CNVD-2023-64074 // VULMON: CVE-2023-33532 // CNNVD: CNNVD-202306-369 // NVD: CVE-2023-33532

REFERENCES

url: http://netgear.com

Trust: 2.3

url: https://github.com/d2y6p/cve/blob/main/netgear/cve-2023-33532/netgear_r6250_rce.pdf

Trust: 2.3

url: https://cxsecurity.com/cveshow/cve-2023-33532/

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-64074 // VULMON: CVE-2023-33532 // CNNVD: CNNVD-202306-369 // NVD: CVE-2023-33532

SOURCES

db: CNVD, id: CNVD-2023-64074
db: VULMON, id: CVE-2023-33532
db: CNNVD, id: CNNVD-202306-369
db: NVD, id: CVE-2023-33532

LAST UPDATE DATE

2025-01-08T23:13:46.599000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-64074, date: 2023-08-21T00:00:00
db: VULMON, id: CVE-2023-33532, date: 2023-06-06T00:00:00
db: CNNVD, id: CNNVD-202306-369, date: 2023-06-13T00:00:00
db: NVD, id: CVE-2023-33532, date: 2025-01-08T16:15:30.250

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-64074, date: 2023-08-16T00:00:00
db: VULMON, id: CVE-2023-33532, date: 2023-06-06T00:00:00
db: CNNVD, id: CNNVD-202306-369, date: 2023-06-06T00:00:00
db: NVD, id: CVE-2023-33532, date: 2023-06-06T14:15:12.740