CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-27853
https://notcve.org/view.php?id=CVE-2023-27853
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device. • https://tenable.com/security/research/tra-2023-9 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-47210
https://notcve.org/view.php?id=CVE-2022-47210
The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device. La consola predeterminada que se presenta a los usuarios a través de telnet (cuando está habilitada) está restringida a un subconjunto de comandos. Sin embargo, los comandos emitidos en esta consola parecen enviarse directamente a una llamada al sistema u otra función similar. • https://www.tenable.com/security/research/tra-2022-37 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-47209
https://notcve.org/view.php?id=CVE-2022-47209
A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means. Existe un usuario de soporte en el dispositivo y parece ser un backdoor para el personal de soporte técnico. La contraseña predeterminada para esta cuenta es “support” y no puede ser modificado por un usuario a través de ningún medio normalmente accesible. • https://www.tenable.com/security/research/tra-2022-37 • CWE-287: Improper Authentication •