Description
There is a command injection vulnerability in the Netgear R6250 router with firmware version 1.0.4.48. An attacker who gains web management privileges can inject commands into POST request parameters and thereby gain shell privileges.
References (2)
Core References
Product
http://netgear.com
Exploit, Third Party Advisory
https://github.com/D2y6p/CVE/blob/main/Netgear/CVE-2023-33532/Netgear_R6250_RCE.pdf
Scores
CVSS v3: 9.8
EPSS: 0.2739
EPSS Percentile: 96.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
CWE: CWE-77
Status: published
Products (1)
netgear/r6250_firmware 1.0.4.48
Published: Jun 06, 2023
Tracked Since: Feb 18, 2026