1 results (0.002 seconds)

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters. • https://github.com/FirmRec/IoT-Vulns/tree/main/netgear/upgrade_handler https://www.netgear.com/about/security • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •