CVE-2022-30078

CWE-78 — OS Command Injection CWE-77 — Command Injection3 documents3 sources

Severity

8.8HIGH

EPSS

1.6%

top 18.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear R6200 Firmware Netgear R6300 Firmware

Timeline

PublishedSep 7

Latest updateSep 8

Description

NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDnetgear/r6200_firmware1.0.3.12_10.1.11

▶NVDnetgear/r6300_firmware1.0.4.52_10.0.93

🔴Vulnerability Details

GHSA

GHSA-rhrp-724q-r9w5: NETGEAR R6200_V2 firmware versions through R6200v2-V1↗2022-09-08

▶

CVEList

CVE-2022-30078: NETGEAR R6200_V2 firmware versions through R6200v2-V1↗2022-09-07

▶