PT-2023-7869 · NetGear · Netgear Wnr2000V4

Published: 2023-11-30 · Updated: 2023-12-19 · CVE-2023-50089

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

NETGEAR WNR2000v4 version 1.0.0.70

Description

A Command Injection issue exists when using HTTP for SOAP authentication, allowing command execution after successful authentication. This can be exploited by sending specially crafted HTTP requests, potentially enabling remote attackers to execute arbitrary commands. The vulnerability is related to the soap auth() function and inadequate data sanitization on the management level.

Recommendations

For NETGEAR WNR2000v4 version 1.0.0.70, consider disabling the soap auth() function until a patch is available to prevent command injection attacks. Restrict access to the SOAP authentication process to minimize the risk of exploitation. Avoid using HTTP for SOAP authentication until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-08940
CVE-2023-50089

Affected Products

Netgear Wnr2000V4