NETGEAR Insight Cloud Remote Code Execution Vulnerability

Summary

NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection.

Credit:

The information has been provided by NETGEAR 

The original article can be found at: https://kb.netgear.com/000060977/Security-Advisory-for-Post-Authentication-Command-Injection-on-Insight-Cloud-PSV-2018-0366


Details

NETGEAR Insight Cloud is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition. 

Vulnerable Systems:

  • NETGEAR Insight Cloud before 5.6

CVE Information:

CVE-2019-12591

Disclosure Timeline:
Publish Date:06/03/2019

Categories: News