CVE-2023-33533

Name of the Vulnerable Software and Affected Versions Netgear D6220 version 1.0.0.80 Netgear D8500 version 1.0.3.60 Netgear R6700 version 1.0.2.26 Netgear R6900 version 1.0.2.26

Description The issue is related to the lack of input data sanitization in the firmware of Netgear routers. This allows an attacker with web management privileges to inject commands into the post request parameters, potentially gaining shell privileges.

Recommendations For Netgear D6220 version 1.0.0.80, consider disabling web management privileges until a patch is available. For Netgear D8500 version 1.0.3.60, restrict access to post request parameters to minimize the risk of exploitation. For Netgear R6700 version 1.0.2.26, avoid using the vulnerable firmware until an update is released. For Netgear R6900 version 1.0.2.26, limit the use of shell privileges to prevent potential command injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.