1 results (0.001 seconds)
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-38921
https://notcve.org/view.php?id=CVE-2023-38921
Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters. • https://github.com/FirmRec/IoT-Vulns/tree/main/netgear/upgrade_handler https://www.netgear.com/about/security • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •