CVE-2022-30078

NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameters.

Published: Sep 7, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-30078
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-78
CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
netgear / r6200_firmware	-	1.0.3.12_10.1.11.x
netgear / r6300_firmware	-	1.0.4.52_10.0.93.x

http://r6200v2.com
https://github.com/10TG/vulnerabilities/blob/main/Netgear/CVE-2022-30078/CVE-2022-30078.md
https://www.netgear.com/about/security/

Vulnerability Database

289,697

CVE-2022-30078