ID

VAR-202312-0600


CVE

CVE-2023-50089


TITLE

Command injection vulnerability in NETGEAR WNR2000 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-020173

DESCRIPTION

A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication. NETGEAR WNR2000 firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR WNR2000 is a wireless router made by NETGEAR. This vulnerability is caused by the application's failure to correctly filter special characters and commands in constructed commands. An attacker could exploit this vulnerability to cause arbitrary command execution.

Trust: 2.16

sources: NVD: CVE-2023-50089 // JVNDB: JVNDB-2023-020173 // CNVD: CNVD-2023-99028

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-99028

AFFECTED PRODUCTS

vendor: netgear, model: wnr2000, scope: eq, version: 1.0.0.70

Trust: 1.0

vendor: ネットギア, model: wnr2000, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: wnr2000, scope: eq, version: -

Trust: 0.8

vendor: ネットギア, model: wnr2000, scope: eq, version: wnr2000 firmware 1.0.0.70

Trust: 0.8

vendor: netgear, model: wnr2000, scope: eq, version: v41.0.0.70

Trust: 0.6

sources: CNVD: CNVD-2023-99028 // JVNDB: JVNDB-2023-020173 // NVD: CVE-2023-50089

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-50089
value: CRITICAL

Trust: 1.0

NVD: CVE-2023-50089
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2023-99028
value: HIGH

Trust: 0.6

CNVD: CNVD-2023-99028
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-50089
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-50089
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-99028 // JVNDB: JVNDB-2023-020173 // NVD: CVE-2023-50089

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.0

problemtype: Command injection (CWE-77) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-020173 // NVD: CVE-2023-50089

EXTERNAL IDS

db: NVD, id: CVE-2023-50089

Trust: 3.2

db: JVNDB, id: JVNDB-2023-020173

Trust: 0.8

db: CNVD, id: CNVD-2023-99028

Trust: 0.6

sources: CNVD: CNVD-2023-99028 // JVNDB: JVNDB-2023-020173 // NVD: CVE-2023-50089

REFERENCES

url: https://github.com/noneshell/vulnerabilities/blob/main/netgear/wnr2000v4-1.0.0.70-authorized-command-injection.md

Trust: 1.8

url: https://www.netgear.com/about/security/

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2023-50089

Trust: 1.4

sources: CNVD: CNVD-2023-99028 // JVNDB: JVNDB-2023-020173 // NVD: CVE-2023-50089

SOURCES

db: CNVD, id: CNVD-2023-99028
db: JVNDB, id: JVNDB-2023-020173
db: NVD, id: CVE-2023-50089

LAST UPDATE DATE

2024-08-14T15:20:47.120000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-99028, date: 2023-12-20T00:00:00
db: JVNDB, id: JVNDB-2023-020173, date: 2024-01-16T02:18:00
db: NVD, id: CVE-2023-50089, date: 2023-12-19T20:51:17.553

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-99028, date: 2023-12-20T00:00:00
db: JVNDB, id: JVNDB-2023-020173, date: 2024-01-16T00:00:00
db: NVD, id: CVE-2023-50089, date: 2023-12-15T17:15:12.780