NETGEAR CAX30 / CAX30S: CVE-2022-43654
**Name of the Vulnerable Software and Affected Versions**
NETGEAR CAX30S (affected versions not specified)
NETGEAR CAX30 (affected versions not specified)
**Description**
This issue allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR routers. Authentication is not required to exploit this issue. The specific flaw exists within the handling of the `token` parameter provided to the "sso.php" endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this issue to execute code in the context of root.
**Recommendations**
For NETGEAR CAX30S, consider disabling access to the "sso.php" endpoint until a patch is available.
For NETGEAR CAX30, consider disabling access to the "sso.php" endpoint until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this issue.
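As an added example, not taken from this advisory or from NETGEAR, the following Python scans web-server access-log lines for requests to the `sso.php` endpoint whose `token` query parameter carries shell metacharacters, the input that the description above says reaches a system call without validation. The Combined Log Format, the request paths and the sample log lines are constructed assumptions, not data from an affected device.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Characters that have no place in an opaque SSO token but that a shell
# interprets as command separators, pipes, redirections or substitutions.
SHELL_META = re.compile(r"[;&|`$<>\n\r]")

# Combined Log Format: client, ident, user, [time], "METHOD PATH PROTO", status
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def parse_log_line(line):
    """Return (client_ip, method, request_path, status) or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), m.group(2), m.group(3), int(m.group(4))


def suspicious_sso_request(request_path):
    """Return the decoded token if the request targets sso.php and its token
    parameter contains shell metacharacters; otherwise None."""
    parts = urlsplit(request_path)
    if not parts.path.endswith("/sso.php"):
        return None
    # parse_qs percent-decodes values, so an encoded ';' or '&' is caught too.
    query = parse_qs(parts.query, keep_blank_values=True)
    for token in query.get("token", []):
        if SHELL_META.search(token):
            return token
    return None


def scan_access_log(lines):
    """Return [(client_ip, decoded_token)] for every suspicious sso.php request."""
    hits = []
    for line in lines:
        record = parse_log_line(line)
        if record is None:
            continue
        client_ip, _method, request_path, _status = record
        token = suspicious_sso_request(request_path)
        if token is not None:
            hits.append((client_ip, token))
    return hits


# Constructed sample lines: one benign token, one with an encoded '&&', one unrelated.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Nov/2022:10:00:01 +0000] "GET /sso.php?token=abc123DEF HTTP/1.1" 200 512',
    '192.0.2.11 - - [10/Nov/2022:10:00:02 +0000] "GET /sso.php?token=abc%26%26echo%20test HTTP/1.1" 200 128',
    '192.0.2.12 - - [10/Nov/2022:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 2048',
]
```

Tokens delivered in a POST body never reach the access log, so this only covers query-string delivery; the same check belongs at a reverse proxy or WAF that can inspect request bodies.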