CVE-2023-33533

Tags: High severity, Public PoC, RCE

Published: 06 June 2023
Modified: 08 January 2025
KEV Added: (no entry)
Patch: (no entry)
CVSS Score (v3.1): 8.8, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.1117 (93.7th percentile)
Risk Priority: 24 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-33533 is a high-severity Command Injection (CWE-77) vulnerability in Netgear D6220 Firmware. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 6.3% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

Netgear D6220 running firmware 1.0.0.80, D8500 running 1.0.3.60, and R6700 and R6900 running 1.0.2.26 are affected by a command-injection vulnerability tracked as CVE-2023-33533 and CWE-77. The flaw resides in the web-management interface and permits an authenticated user to supply crafted values in POST request parameters that are executed by the underlying system.

An attacker who first obtains web-management credentials can leverage the injection to execute arbitrary commands and obtain shell-level access on the device. The vulnerability carries a CVSS 3.1 score of 8.8, reflecting network attack vector, low attack complexity, and low privileges required.

Netgear’s security advisory page and the associated technical report provide the primary references for the issue; administrators should consult these sources for any firmware updates or configuration guidance. The EPSS score remains flat at 0.1117 with no material increase since disclosure.

Vulnerability details

Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the post request parameters, gaining shell privileges.

CWE(s)

CWE-77 (Command Injection)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor    Product          Version
netgear   d6220 firmware   1.0.0.80
netgear   d8500 firmware   1.0.3.60
netgear   r6700 firmware   1.0.2.26
netgear   r6900 firmware   1.0.2.26

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.