N/A

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355.

N/A

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Netgear NETGEAR R7800 操作系统命令注入漏洞

Netgear NETGEAR R7800是美国网件（Netgear）公司的一款无线路由器。 NETGEAR R7800 存在操作系统命令注入漏洞，该漏洞源于使用用户提供的字符串执行系统调用之前，没有对它进行适当的验证。攻击者可利用该漏洞在root上下文中执行代码。

N/A

N/A