Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.58, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.5.2, and R9000 before 1.0.5.2.
Metrics
CVSS Version: 3.1 |
Base Score: 6.1 MEDIUM Vector: CVSS:3.1/AC:L/AV:L/A:L/C:H/I:H/PR:H/S:U/UI:R
l➤ Exploitability Metrics: Attack Vector (AV)* LOCAL Attack Complexity (AC)* LOW Privileges Required (PR)* HIGH User Interaction (UI)* REQUIRED Scope (S)* UNCHANGED
l➤ Impact Metrics: Confidentiality Impact (C)* HIGH Integrity Impact (I)* HIGH Availability Impact (A)* LOW
Weakness Enumeration (CWE)
CWE-ID: CWE Name: n/a Source: n/a
Common Attack Pattern Enumeration and Classification (CAPEC)