CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23690 – EOL Netgear FVS336v3 Telnet Configuration Backup Command Injection
https://notcve.org/view.php?id=CVE-2024-23690
04 Feb 2025 — The end-of-life Netgear FVS336Gv2 and FVS336Gv3 are affected by a command injection vulnerability in the Telnet interface. An authenticated and remote attacker can execute arbitrary OS commands as root over Telnet by sending crafted "util backup_configuration" commands. • https://vulncheck.com/advisories/netgear-fvs336g-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-10106
https://notcve.org/view.php?id=CVE-2016-10106
03 Jan 2017 — Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the thispage parameter, as demonstrated by reading the /etc/shadow file. Vulnerabilidad de salto de directorio en scgi-bin/platform.cgi en dispositivos NETGEAR FVS336Gv3, FVS318N, FVS318Gv2 y SRX5308 con firmware en versiones anteriores a 4.3.3-8 permite a usuarios remotos autentic... • http://kb.netgear.com/30739/Path-Traversal-Attack-Security-Vulnerability • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •