CVE-2023-50089
CRITICALNETGEAR WNR2000v4 1.0.0.70 - Authenticated Command Injection via SOAP Authentication
Title source: llmDescription
A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication.
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://github.com/NoneShell/Vulnerabilities/blob/main/NETGEAR/WNR2000v4-1.0.0.70-Authorized-Command-Injection.md
Vendor Advisory
https://www.netgear.com/about/security/
Scores
CVSS v3
9.8
EPSS
0.0313
EPSS Percentile
87.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-77
Status
published
Products (1)
netgear/wnr2000_firmware
1.0.0.70
Published
Dec 15, 2023
Tracked Since
Feb 18, 2026