CVE-2019-20655
Description
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR500 before 2.3.2.56 and XR700 before 1.0.1.20.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Command injection vulnerability in NETGEAR XR500 and XR700 routers allows authenticated users to execute arbitrary commands, fixed in firmware versions 2.3.2.56 and 1.0.1.20 respectively.
Vulnerability
NETGEAR XR500 and XR700 routers running firmware versions prior to 2.3.2.56 and 1.0.1.20 respectively are affected by a post-authentication command injection vulnerability [1]. The vulnerability exists in the device's firmware and can be exploited by an authenticated user.
Exploitation
An attacker must first authenticate to the device's web interface. Once authenticated, they can send specially crafted requests that inject operating system commands, which are then executed with root privileges [1].
Impact
Successful exploitation allows an authenticated attacker to execute arbitrary commands as root on the affected device, leading to complete compromise of the router's confidentiality, integrity, and availability [1].
Mitigation
NETGEAR has released firmware updates to fix this vulnerability: XR500 firmware version 2.3.2.56 and XR700 firmware version 1.0.1.20 [1]. Affected users should download and install the latest firmware from NETGEAR Support. No workarounds are available [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3
- NETGEAR/devices (description)
Patches
No patches discovered yet.
References
1
News mentions
No linked articles in our index yet.