Improper Neutralization of Special Elements used in a Command ('Command Injection')
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7900 before 18.104.22.168, R7900P before 22.214.171.124, R8000 before 126.96.36.199, R8000P before 188.8.131.52, RAX200 before 184.108.40.206, MR60 before 220.127.116.11, RAX45 before 18.104.22.168, RAX80 before 22.214.171.124, MS60 before 126.96.36.199, RAX50 before 188.8.131.52, RAX75 before 184.108.40.206, RBR750 before 220.127.116.11, RBR850 before 18.104.22.168, RBS750 before 22.214.171.124, RBS850 before 126.96.36.199, RBK752 before 188.8.131.52, and RBK852 before 184.108.40.206.
CWE-77 - Command Injection
A command injection attack involves injecting an operating system command through the data input, which gets executed on the host operating system with the privileges of the victimized application. The impact of a command injection attack may range from loss of data confidentiality and integrity to unauthorized remote access to the hosting system. The attack may cause serious data breaches and system takeover.