Vulnerability Details CVE-2022-30078
NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.0%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2022-30078
-
cpe:2.3:h:netgear:r6200:v2
-
cpe:2.3:h:netgear:r6300:v2
-
cpe:2.3:o:netgear:r6200_firmware:-
-
cpe:2.3:o:netgear:r6200_firmware:1.0.1.56_1.0.43
-
cpe:2.3:o:netgear:r6300_firmware:-
-
cpe:2.3:o:netgear:r6300_firmware:1.0.0.36
-
cpe:2.3:o:netgear:r6300_firmware:1.0.2.78_1.0.58
-
cpe:2.3:o:netgear:r6300_firmware:1.0.4.06
-
cpe:2.3:o:netgear:r6300_firmware:1.0.4.12
-
cpe:2.3:o:netgear:r6300_firmware:1.0.4.18
-
cpe:2.3:o:netgear:r6300_firmware:1.0.4.22
-
cpe:2.3:o:netgear:r6300_firmware:1.0.4.24
-
cpe:2.3:o:netgear:r6300_firmware:1.0.4.28
-
cpe:2.3:o:netgear:r6300_firmware:1.0.4.32
-
cpe:2.3:o:netgear:r6300_firmware:1.0.4.34
-
cpe:2.3:o:netgear:r6300_firmware:1.0.4.36
-
cpe:2.3:o:netgear:r6300_firmware:1.0.4.6
-
cpe:2.3:o:netgear:r6300_firmware:1.0.4.8
-
cpe:2.3:o:netgear:r6300_firmware:1.0.4.8_10.0.77