CVE-2023-38921 Information

Description

Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters.

Reference

https://www.netgear.com/about/security/ https://github.com/FirmRec/IoT-Vulns/tree/main/netgear/upgrade_handler