Netgear R7000P v1.3.3.154 was discovered to contain a command injection vulnerability via the device_name2 parameter at operation_mode.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
https://www.netgear.com/about/security/
https://github.com/wudipjq/my_vuln/blob/main/Netgear6/vuln_62/62.md