Netgear EX8000 Command Injection Vulnerability in switch_status Function

Vulnerability

A command injection vulnerability has been identified in the Netgear EX8000 router, specifically in version 1.0.0.126. The issue arises within the switch_status function, allowing for unauthorized command execution.

Impact

Exploiting this vulnerability lets an attacker execute arbitrary commands on the device.

Reproduction

The vulnerability can be reproduced by sending a crafted request that exploits the switch_status function. This can be done using a variety of tools that allow for HTTP request manipulation, such as curl or Postman. The specific details of the request needed to trigger the vulnerability are not provided, but the command injection can be observed in the accompanying video demonstration.

Added: Dec 23, 2025, 4:25 PM
Updated: Dec 23, 2025, 5:27 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 7.5
exploitability: 8.1
remediation: 0.0
relevance: 1.6
threat: 1.6
urgency: 2.9
incentive: 9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.