CVE-2023-33532

Name of the Vulnerable Software and Affected Versions Netgear R6250 router with Firmware Version 1.0.4.48

Description The issue is related to a command injection vulnerability. It is associated with a lack of input data sanitization measures. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges. This could allow a remote attacker to elevate their privileges and execute arbitrary commands.

Recommendations For Firmware Version 1.0.4.48, consider disabling web management privileges until a patch is available to prevent command injection. Restrict access to the router's web management interface to minimize the risk of exploitation. Avoid using the vulnerable firmware version until an update is released. At the moment, there is no information about a newer version that contains a fix for this vulnerability.