Details of VAR-202302-1213

ID

VAR-202302-1213

CVE

CVE-2023-0849

TITLE

NETGEAR WNDR3700 Command Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2025-13476 // CNNVD: CNNVD-202302-1301

DESCRIPTION

A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221152. of netgear WNDR3700 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR WNDR3700 is a wireless router from NETGEAR. No detailed vulnerability details are provided at present

Trust: 2.25

sources: NVD: CVE-2023-0849 // JVNDB: JVNDB-2023-004143 // CNVD: CNVD-2025-13476 // VULMON: CVE-2023-0849

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-13476

AFFECTED PRODUCTS

vendor:	netgear	model:	wndr3700	scope:	eq	version:	1.0.1.14	Trust: 1.6
vendor:	ネットギア	model:	wndr3700	scope:	eq	version:	wndr3700 firmware 1.0.1.14	Trust: 0.8
vendor:	ネットギア	model:	wndr3700	scope:	eq	version:	-	Trust: 0.8
vendor:	ネットギア	model:	wndr3700	scope:	-	version:	-	Trust: 0.8

sources: CNVD: CNVD-2025-13476 // JVNDB: JVNDB-2023-004143 // NVD: CVE-2023-0849

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2023-0849
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2023-0849
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2023-0849
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2025-13476
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202302-1301
value:	CRITICAL
Trust: 0.6

cna@vuldb.com:	CVE-2023-0849
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2025-13476
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2023-0849
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.2
impactScore:	3.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2023-0849
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-0849
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-13476 // JVNDB: JVNDB-2023-004143 // CNNVD: CNNVD-202302-1301 // NVD: CVE-2023-0849 // NVD: CVE-2023-0849

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	Command injection (CWE-77) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-004143 // NVD: CVE-2023-0849

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1301

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202302-1301

PATCH

title:

url:

https://github.com/Live-Hack-CVE/CVE-2023-0849

Trust: 0.1

sources: VULMON: CVE-2023-0849

EXTERNAL IDS

db:	NVD	id:	CVE-2023-0849	Trust: 3.9
db:	VULDB	id:	221152	Trust: 2.5
db:	JVNDB	id:	JVNDB-2023-004143	Trust: 0.8
db:	CNVD	id:	CNVD-2025-13476	Trust: 0.6
db:	CNNVD	id:	CNNVD-202302-1301	Trust: 0.6
db:	VULMON	id:	CVE-2023-0849	Trust: 0.1

sources: CNVD: CNVD-2025-13476 // VULMON: CVE-2023-0849 // JVNDB: JVNDB-2023-004143 // CNNVD: CNNVD-202302-1301 // NVD: CVE-2023-0849

REFERENCES

url:	https://vuldb.com/?id.221152	Trust: 2.5
url:	https://vuldb.com/?ctiid.221152	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2023-0849	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2023-0849/	Trust: 1.2
url:	https://cwe.mitre.org/data/definitions/77.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2023-0849	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2025-13476 // VULMON: CVE-2023-0849 // JVNDB: JVNDB-2023-004143 // CNNVD: CNNVD-202302-1301 // NVD: CVE-2023-0849

SOURCES

db:	CNVD	id:	CNVD-2025-13476
db:	VULMON	id:	CVE-2023-0849
db:	JVNDB	id:	JVNDB-2023-004143
db:	CNNVD	id:	CNNVD-202302-1301
db:	NVD	id:	CVE-2023-0849

LAST UPDATE DATE

2025-06-26T23:23:18.799000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-13476	date:	2025-06-25T00:00:00
db:	VULMON	id:	CVE-2023-0849	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2023-004143	date:	2023-10-26T04:20:00
db:	CNNVD	id:	CNNVD-202302-1301	date:	2023-02-27T00:00:00
db:	NVD	id:	CVE-2023-0849	date:	2024-05-17T02:17:35.917

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-13476	date:	2025-06-25T00:00:00
db:	VULMON	id:	CVE-2023-0849	date:	2023-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2023-004143	date:	2023-10-26T00:00:00
db:	CNNVD	id:	CNNVD-202302-1301	date:	2023-02-15T00:00:00
db:	NVD	id:	CVE-2023-0849	date:	2023-02-15T22:15:12.233