CVE Details

Basic Information

| Title | Netgear D6400 diag.cgi os command injection |
|---|---|
| Type | cve |
| Published | 2025-07-10T13:32:05.867Z |
| Modified | 2025-07-10T13:32:05.867Z |

Product Information

| Vendor | Netgear |
|---|---|
| Product | D6400 |
| Version | 1.0.0.114 |

CVSS Information

| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |

AI Analysis

| AI Description | A critical vulnerability in Netgear D6400 firmware version 1.0.0.114 allows remote OS command injection via the diag.cgi file, specifically through the host_name argument. This vulnerability is publicly exploitable and affects unsupported products. |
|---|---|
| AI Severity | Medium |
| AI Vendor | Netgear |
| AI Product | Netgear D6400 |
| AI Version | 1.0.0.114 |

Affected Products

- Netgear D6400 1.0.0.114

Additional Information

| CWE List | CWE-78, CWE-77 |
|---|---|
| Source | VulDB |

Description

A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument host_name leads to OS command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early and confirmed the existence of the vulnerability. They reacted very quickly, professionally and kindly. This vulnerability only affects products that are no longer supported by the maintainer.