Netgear EX8000 Command Injection Vulnerability in action_wireless Function

Vulnerability

A command injection vulnerability has been identified in the Netgear EX8000 router, specifically in version V1.0.0.126. The issue arises in the action_wireless function, where the Iface parameter can be manipulated to inject and execute arbitrary commands.

Impact

Exploitation of this vulnerability allows an attacker to execute arbitrary commands on the device.

Reproduction

The vulnerability can be reproduced by sending a request to the action_wireless function with a crafted Iface parameter that includes the injected commands. This can be done using a variety of tools that allow for HTTP request manipulation, such as curl or Postman.
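The advisory does not show the firmware's code, so the following is an added example, not Netgear's code: one way a handler like action_wireless could validate an interface-name parameter such as Iface and pass it to a child process as a single argument instead of building a shell string. The function names, the 15-byte limit (Linux IFNAMSIZ - 1) and the "ifconfig" stand-in are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

#define IFACE_MAX 15 /* Linux IFNAMSIZ - 1 (assumed limit) */

/* Return 1 only for a conservative interface-name shape: a letter or digit,
 * then letters, digits, '.', '-' or '_'. Metacharacters and spaces fail. */
int iface_name_ok(const char *name)
{
    size_t i;
    if (name == NULL || name[0] == '\0')
        return 0;
    for (i = 0; name[i] != '\0'; i++) {
        char c = name[i];
        int alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                    (c >= '0' && c <= '9');
        if (i >= IFACE_MAX)
            return 0; /* longer than any real interface name */
        if (i == 0 && !alnum)
            return 0; /* rejects "-opt" option injection, "." and ".." */
        if (!alnum && c != '.' && c != '-' && c != '_')
            return 0;
    }
    return 1;
}

/* Fill argv for execvp() so the name travels as one argument and is never
 * parsed by a shell. "ifconfig" is a stand-in for whatever tool the handler
 * runs (assumption). Returns 0 on success, -1 if the name is rejected. */
int build_iface_argv(const char *iface, const char *argv[3])
{
    if (!iface_name_ok(iface))
        return -1;
    argv[0] = "ifconfig";
    argv[1] = iface;
    argv[2] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the advisory. */
    const char *samples[] = { "wl0", "ath0.1", "wl0;true", "-a" };
    const char *argv[3];
    size_t i;
    for (i = 0; i < 4; i++)
        printf("%-10s %d\n", samples[i], build_iface_argv(samples[i], argv));
    return 0;
}
```

Rejected values are also worth logging on the device or an upstream proxy, since an Iface value that fails this check is not something a legitimate client sends.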

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 7.5
exploitability: 9.1
remediation: 0.0
relevance: 0.0
threat: 6.5
urgency: 2.9
incentive: 9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.