ID

VAR-202306-0607


CVE

CVE-2023-33533


TITLE

Netgear Router Command Injection Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202306-373

DESCRIPTION

Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the POST request parameters, gaining shell privileges.

Trust: 0.99

sources: NVD: CVE-2023-33533 // VULMON: CVE-2023-33533

AFFECTED PRODUCTS

vendor: netgear, model: r6900, scope: eq, version: 1.0.2.26

Trust: 1.0

vendor: netgear, model: r6700, scope: eq, version: 1.0.2.26

Trust: 1.0

vendor: netgear, model: d8500, scope: eq, version: 1.0.3.60

Trust: 1.0

vendor: netgear, model: d6220, scope: eq, version: 1.0.0.80

Trust: 1.0

sources: NVD: CVE-2023-33533

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-33533
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-33533
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202306-373
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2023-33533
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: CNNVD: CNNVD-202306-373 // NVD: CVE-2023-33533 // NVD: CVE-2023-33533

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

sources: NVD: CVE-2023-33533

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202306-373

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202306-373

PATCH

title: Netgear Router Fixes for command injection vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=241763

Trust: 0.6

sources: CNNVD: CNNVD-202306-373

EXTERNAL IDS

db: NVD, id: CVE-2023-33533

Trust: 1.7

db: CNNVD, id: CNNVD-202306-373

Trust: 0.6

db: VULMON, id: CVE-2023-33533

Trust: 0.1

sources: VULMON: CVE-2023-33533 // CNNVD: CNNVD-202306-373 // NVD: CVE-2023-33533

REFERENCES

url:https://github.com/d2y6p/cve/blob/main/netgear/cve-2023-33533/netgear_rce.pdf

Trust: 1.7

url:https://www.netgear.com/about/security/

Trust: 1.7

url:https://cxsecurity.com/cveshow/cve-2023-33533/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-33533 // CNNVD: CNNVD-202306-373 // NVD: CVE-2023-33533

SOURCES

db: VULMON, id: CVE-2023-33533
db: CNNVD, id: CNNVD-202306-373
db: NVD, id: CVE-2023-33533

LAST UPDATE DATE

2025-01-08T23:11:08.330000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2023-33533, date: 2023-06-06T00:00:00
db: CNNVD, id: CNNVD-202306-373, date: 2023-06-15T00:00:00
db: NVD, id: CVE-2023-33533, date: 2025-01-08T16:15:30.463

SOURCES RELEASE DATE

db: VULMON, id: CVE-2023-33533, date: 2023-06-06T00:00:00
db: CNNVD, id: CNNVD-202306-373, date: 2023-06-06T00:00:00
db: NVD, id: CVE-2023-33533, date: 2023-06-06T14:15:12.817