Netgear Vulnerability

Vendor: Netgear
Product: DG400
Version: 1.0.0.114
Type: Remote Command Execution
Author: Jiaqian Peng
Institution: pengjiaqian@iie.ac.cn

Vulnerability Description

We discovered a Command Injection vulnerability in Netgear router firmware, which allows remote attackers to execute arbitrary OS commands via a specially crafted request.

Remote Command Execution

In the function, the parameter is directly controlled by the attacker, enabling manipulation of to inject and execute commands on the underlying OS. The initial input is extracted without proper sanitization, leading to command injection.

POC

Set to , and the router will execute the command:

Result

Obtain a shell!
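A hardened form of the pattern described under Remote Command Execution, as an added example that is not the firmware's code or the author's. The page does not show the affected handler, so the `host` parameter, the `ping` command and the names `is_safe_host` and `run_ping` are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Vulnerable shape, shown for contrast only (hypothetical, not from the page):
 *   snprintf(cmd, sizeof cmd, "ping -c 1 %s", host); system(cmd);
 * The shell parses `host`, so metacharacters in it become command syntax. */

/* Allowlist for a hypothetical host parameter: 1..253 bytes of [A-Za-z0-9.-],
 * not starting with '-' so it cannot be read as an option by the tool. */
int is_safe_host(const char *s)
{
    size_t n = s ? strlen(s) : 0;
    if (n == 0 || n > 253 || s[0] == '-') return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '.' || c == '-';
        if (!ok) return 0;
    }
    return 1;
}

/* Hardened call: validate first, then exec with an argv array (no shell).
 * Returns -1 on rejection or fork/wait failure, else the child's exit code. */
int run_ping(const char *host)
{
    if (!is_safe_host(host)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { "ping", "-c", "1", (char *)host, NULL };
        execvp(argv[0], argv);
        _exit(127);                 /* exec failed in the child */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv)
{
    const char *h = argc > 1 ? argv[1] : "127.0.0.1";
    printf("%s -> %d\n", h, run_ping(h));
    return 0;
}
```

The two controls are independent: the allowlist rejects unexpected bytes before any process is created, and the argv-based exec means that even an accepted value is never interpreted by a shell.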