Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-30078

NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameters.

Published

2022-09-07T19:15:08.513

Last Modified

2024-11-21T07:02:10.303

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	netgear	r6200_firmware	≤ 1.0.3.12_10.1.11	Yes
Hardware	netgear	r6200	v2	No
Operating System	netgear	r6300_firmware	≤ 1.0.4.52_10.0.93	Yes
Hardware	netgear	r6300	v2	No

References

http://r6200v2.com Broken Link, URL Repurposed ([email protected])
https://github.com/10TG/vulnerabilities/blob/main/Netgear/CVE-2022-30078/CVE-2022-30078.md Exploit, Third Party Advisory ([email protected])
https://www.netgear.com/about/security/ Vendor Advisory ([email protected])
http://r6200v2.com Broken Link, URL Repurposed (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/10TG/vulnerabilities/blob/main/Netgear/CVE-2022-30078/CVE-2022-30078.md Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.netgear.com/about/security/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)