Cyber Resilience

CVE-2023-50089

Critical · Public PoC · RCE

Published: 15 December 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0313 (87.1th percentile)
Risk Priority: 21 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-50089 is a critical-severity Command Injection (CWE-77) vulnerability in NETGEAR WNR2000 firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008). The CVE ranks in the top 12.9% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Vulnerability details

A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1059.008 Network Device CLI (Execution)
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.
T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

The authenticated command injection vulnerability in the NETGEAR router's SOAP authentication process enables arbitrary OS command execution post-authentication, facilitating T1059.008 (Network Device CLI) for command execution on the device and T1210 (Exploitation of Remote Services) via exploitation of the vulnerable remote SOAP service.

Affected Assets

Vendor: netgear
Product: wnr2000 firmware
Version: 1.0.0.70

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
