CVE-2022-27946

Severity: 8.8 HIGH
EPSS: 1.4% (top 19.83%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Mar 26
Latest update: Mar 27

Description

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (1 package)

NVD: netgear/r8500_firmware 1.0.2.158

Patches

Vulnerability Details (2)

GHSA
GHSA-89x9-gq75-8c77: NETGEAR R8500 1 (2022-03-27)
CVEList
CVE-2022-27946: NETGEAR R8500 1 (2022-03-26)
CVE-2022-27946 (HIGH CVSS 8.8) | NETGEAR R8500 1.0.2.158 devices all | cvebase.io