NETGEAR RAX5 Command Injection Vulnerability in apcli_cancel_wps Function
Vulnerability
A command injection vulnerability has been identified in the NETGEAR RAX5 WiFi Router (AX1600) running firmware version V1.0.2.26. The vulnerability arises in the apcli_cancel_wps function, where the ifname parameter is not properly sanitized, allowing for arbitrary command execution.
Impact
Exploitation of this vulnerability allows for arbitrary command execution on the device.
Reproduction
The vulnerability can be reproduced by sending a GET request to the /cgi-bin/luci/admin/mtk/wifi/apcli_cancel_wps/ endpoint. A command placed in the ifname parameter, such as 'ls>111.txt', is executed on the device. Command execution can then be verified by checking the contents of the file the injected command created.
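The missing check on ifname, shown as an added example that is not NETGEAR's firmware code: the vulnerable string-building pattern beside a handler that validates the value and builds an argument list instead of a shell string. The tool name wps_cancel_tool, the interface names apcli0 and apclix0, and the allowlist pattern are assumptions made for illustration.

```python
import re

# Assumption: interface names are short alphanumeric tokens. Linux caps them
# at 15 bytes (IFNAMSIZ - 1); the first character must not be '-' so the
# value can never be parsed as an option by the invoked tool.
IFNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,14}")

WPS_TOOL = "wps_cancel_tool"  # hypothetical stand-in, not the firmware's binary
KNOWN_IFACES = frozenset({"apcli0", "apclix0"})  # constructed sample values


def unsafe_command(ifname):
    """Vulnerable pattern: the request value is pasted into a shell string."""
    return f"{WPS_TOOL} {ifname}"


def safe_argv(ifname, known=KNOWN_IFACES):
    """Hardened pattern: syntax allowlist, membership check, argv list."""
    # fullmatch() also rejects a trailing newline, which '$' with match()
    # would let through.
    if not isinstance(ifname, str) or not IFNAME_RE.fullmatch(ifname):
        raise ValueError(f"invalid interface name: {ifname!r}")
    # Well-formed is not enough: the name must be one the device really has.
    if ifname not in known:
        raise ValueError(f"unknown interface: {ifname!r}")
    # The list is meant for an exec-style call with no shell involved,
    # e.g. subprocess.run(argv, shell=False).
    return [WPS_TOOL, ifname]


def is_accepted(ifname):
    """True if safe_argv() would build a command for this value."""
    try:
        safe_argv(ifname)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs; 'ls>111.txt' is the value quoted in the advisory.
    samples = ["apcli0", "ls>111.txt", "apcli0;ls>111.txt", "-h", "apcli0\n", "eth9"]
    for value in samples:
        print(f"{value!r:22} unsafe: {unsafe_command(value)!r:38} "
              f"accepted: {is_accepted(value)}")
```

Only apcli0 is accepted; every other sample, including the well-formed but unknown eth9, is rejected before any command is built.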
