Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR500 before 2.3.2.56 and XR700 before 1.0.1.20.Referenceshttps://kb.netgear.com/000061484/Security-Advisory-for-Post-Authentication-Command-Injection-on-XR500-and-XR700-PSV-2019-0026
