CVE-2022-30078
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameters.
Las versiones del firmware NETGEAR versiones R6200_V2 hasta R6200v2-V1.0.3.12_10.1.11 y las versiones del firmware R6300_V2 hasta R6300v2-V1.0.4.52_10.0.93, permiten a atacantes remotos autenticados ejecutar un comando arbitrario por medio de meta caracteres de shell en los parĂ¡metros ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length o ipv6_lan_length
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-05-02 CVE Reserved
- 2022-09-07 CVE Published
- 2024-07-24 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://r6200v2.com | Broken Link |
| URL | Date | SRC |
|---|---|---|
| https://github.com/10TG/vulnerabilities/blob/main/Netgear/CVE-2022-30078/CVE-2022-30078.md | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.netgear.com/about/security | 2024-02-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netgear Search vendor "Netgear" | R6200 Firmware Search vendor "Netgear" for product "R6200 Firmware" | <= 1.0.3.12_10.1.11 Search vendor "Netgear" for product "R6200 Firmware" and version " <= 1.0.3.12_10.1.11" | - |
Affected
| in | Netgear Search vendor "Netgear" | R6200 Search vendor "Netgear" for product "R6200" | v2 Search vendor "Netgear" for product "R6200" and version "v2" | - |
Safe
|
| Netgear Search vendor "Netgear" | R6300 Firmware Search vendor "Netgear" for product "R6300 Firmware" | <= 1.0.4.52_10.0.93 Search vendor "Netgear" for product "R6300 Firmware" and version " <= 1.0.4.52_10.0.93" | - |
Affected
| in | Netgear Search vendor "Netgear" | R6300 Search vendor "Netgear" for product "R6300" | v2 Search vendor "Netgear" for product "R6300" and version "v2" | - |
Safe
|