(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNetgear Wn604
HWNetgearwszystkie wersjeNetgear Wn604 Firmware
OSNetgear≤ 3.3.2Netgear Wn802tv2
HWNetgearwszystkie wersjeNetgear Wn802tv2 Firmware
OSNetgear≤ 3.0.5.0Netgear Wnap320
HWNetgearwszystkie wersjeNetgear Wnap320 Firmware
OSNetgear≤ 3.0.5.0Netgear Wndap210v2
HWNetgearwszystkie wersjeNetgear Wndap210v2 Firmware
OSNetgear≤ 3.0.5.0Netgear Wndap350
HWNetgearwszystkie wersjeNetgear Wndap350 Firmware
OSNetgear≤ 3.0.5.0Netgear Wndap360
HWNetgearwszystkie wersjeNetgear Wndap360 Firmware
OSNetgear≤ 3.0.5.0Netgear Wndap660
HWNetgearwszystkie wersjeNetgear Wndap660 Firmware
OSNetgear≤ 3.0.5.0
CISA KEV — detailsi
- Vendori
- NETGEAR
- Producti
- Wireless Access Point (WAP) Devices
- Added to KEVi
- March 25, 2022
- Remediation deadline (US Federal)i
- April 15, 2022(overdue)
Apply updates per vendor instructions.
Multiple NETGEAR Wireless Access Point devices allows unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution.
Related vulnerabilities
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This aff...
Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames ...
Certain NETGEAR devices are affected by command execution via a PHP form. This affects WN604 3.3.3 and earlier...
Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 ...
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 befo...