Daming Dominic Chen

**Name of the Vulnerable Software and Affected Versions** Netgear WN604 versions prior to 3.3.3 Netgear WN802Tv2 versions prior to 3.5.5.0 Netgear WNAP210v2 versions prior to 3.5.5.0 Netgear WNAP320 versions prior to 3.5.5.0 Netgear WNDAP350 versions prior to 3.5.5.0 Netgear WNDAP360 versions prior to 3.5.5.0 Netgear WNDAP660 versions prior to 3.5.5.0 **Description** The issue is related to a lack of input data sanitization in the `boardData102.php`, `boardData103.php`, `boardDataJP.php`, `boardDataNA.php`, and `boardDataWW.php` scripts, allowing remote attackers to execute arbitrary commands. This can be exploited by sending malicious input to the affected API endpoints. **Recommendations** For Netgear WN604 versions prior to 3.3.3, update to version 3.3.3 or later. For Netgear WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 versions prior to 3.5.5.0, update to version 3.5.5.0 or later. As a temporary workaround, consider restricting access to the `boardData102.php`, `boardData103.php`, `boardDataJP.php`, `boardDataNA.php`, and `boardDataWW.php` scripts until a patch is available.