Improper Neutralization of Special Elements used in a Command ('Command Injection')
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 18.104.22.168, CBR750 before 22.214.171.124, EAX20 before 126.96.36.199, EAX80 before 188.8.131.52, EX3700 before 184.108.40.206, EX3800 before 220.127.116.11, EX6120 before 18.104.22.168, EX6130 before 22.214.171.124, EX7000 before 126.96.36.199, EX7500 before 188.8.131.52, LAX20 before 184.108.40.206, MR60 before 220.127.116.11, MS60 before 18.104.22.168, R6300v2 before 22.214.171.124, R6400 before 126.96.36.199, R6400v2 before 188.8.131.52, R6700v3 before 184.108.40.206, R6900P before 220.127.116.11, R7000 before 18.104.22.168, R7000P before 22.214.171.124, R7100LG before 126.96.36.199, R7850 before 188.8.131.52, R7900 before 184.108.40.206, R7900P before 220.127.116.11, R7960P before 18.104.22.168, R8000 before 22.214.171.124, R8000P before 126.96.36.199, R8300 before 188.8.131.52, R8500 before 184.108.40.206, RAX15 before 220.127.116.11, RAX20 before 18.104.22.168, RAX200 before 22.214.171.124, RAX35v2 before 126.96.36.199, RAX40v2 before 188.8.131.52, RAX43 before 184.108.40.206, RAX45 before 220.127.116.11, RAX50 before 18.104.22.168, RAX75 before 22.214.171.124, RAX80 before 126.96.36.199, RBK752 before 188.8.131.52, RBK852 before 184.108.40.206, RBK852 before 220.127.116.11, RBR750 before 18.104.22.168, RBR850 before 22.214.171.124, RBR850 before 126.96.36.199, RBS750 before 188.8.131.52, RBS850 before 184.108.40.206, RBS850 before 220.127.116.11, RS400 before 18.104.22.168, XR1000 before 22.214.171.124, and XR300 before 126.96.36.199.
CWE-77 - Command Injection
A command injection attack injects an operating system command through data input; the command is then executed on the host operating system with the privileges of the vulnerable application. The impact may range from loss of data confidentiality and integrity to unauthorized remote access to the hosting system. The attack may cause serious data breaches and system takeover.