Multiple Command Injection Vulnerabilities in Netgear WG302v2 and WAG302v2 Firmware Upgrade Handler

CVE-2023-38921 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters.

Learn more about our Cis Benchmark Audit For Server Software.