
CVE-2023-33532

Critical · Public PoC · RCE

Published: 06 June 2023
Modified: 08 January 2025
KEV Added: not listed
CVSS v3.1 score: 9.8 (vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.1631 (95.0th percentile)
Risk priority: 29 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-33532 is a critical-severity Command Injection (CWE-77) vulnerability in Netgear R6250 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 5.0% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2023-33532 is a command injection vulnerability affecting the Netgear R6250 router running firmware version 1.0.4.48. The flaw, tracked under CWE-77, resides in the web management interface and permits an attacker to supply crafted parameters in POST requests that are executed by the underlying system.

An attacker who first obtains web management access can leverage the injection to execute arbitrary commands and escalate to shell-level privileges on the device. The vulnerability carries a CVSS 3.1 score of 9.8, reflecting network-accessible exploitation with no required user interaction or special privileges beyond initial management access. Note that the vector's PR:N (no privileges required) sits uneasily with the vulnerability details below, which state that the attacker must already hold web management privileges; keep that precondition in mind when prioritising the finding.

The associated EPSS score rose from a low baseline after disclosure to a peak of 0.3026 on 2025-12-11 before receding to the current value of 0.1631, indicating a later surge in exploitation interest. Public references consist of Netgear product pages and a detailed proof-of-concept document hosted on GitHub that demonstrates the remote code execution path.

Vulnerability details

There is a command injection vulnerability in the Netgear R6250 router with firmware version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the POST request parameters, thereby gaining shell privileges.

CWE(s)

CWE-77: Command Injection
Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Netgear R6250 firmware, version 1.0.4.48

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
