Command Injection Vulnerability in NETGEAR WNR1000V4 1.1.0.54 Devices

Command Injection Vulnerability in NETGEAR WNR1000V4 1.1.0.54 Devices

CVE-2019-20488 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the web management interface (setup.cgi) are vulnerable to command injection, allowing remote attackers to execute arbitrary commands, as demonstrated by shell metacharacters in the sysDNSHost parameter.

Learn more about our Web App Pen Testing.