Overview
- Description
- There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- nvd@nist.gov
- CWE-77
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6250_firmware:1.0.4.48:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0B7946DC-F8BA-4CBC-9A4F-18B773D10310"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "321BE843-52C4-4638-A321-439CA7B3A6F2"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]