Page 2 of 8 results (0.003 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device. • https://tenable.com/security/research/tra-2023-9 •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1

The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device. La consola predeterminada que se presenta a los usuarios a través de telnet (cuando está habilitada) está restringida a un subconjunto de comandos. Sin embargo, los comandos emitidos en esta consola parecen enviarse directamente a una llamada al sistema u otra función similar. • https://www.tenable.com/security/research/tra-2022-37 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means. Existe un usuario de soporte en el dispositivo y parece ser un backdoor para el personal de soporte técnico. La contraseña predeterminada para esta cuenta es “support” y no puede ser modificado por un usuario a través de ningún medio normalmente accesible. • https://www.tenable.com/security/research/tra-2022-37 • CWE-287: Improper Authentication •