Vulnerability Description
NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | R6200 Firmware | <= 1.0.3.12_10.1.11 |
| Netgear | R6200 | v2 |
| Netgear | R6300 Firmware | <= 1.0.4.52_10.0.93 |
| Netgear | R6300 | v2 |
Related Weaknesses (CWE)
References
- http://r6200v2.comBroken LinkURL Repurposed
- https://github.com/10TG/vulnerabilities/blob/main/Netgear/CVE-2022-30078/CVE-202ExploitThird Party Advisory
- https://www.netgear.com/about/security/Vendor Advisory
- http://r6200v2.comBroken LinkURL Repurposed
- https://github.com/10TG/vulnerabilities/blob/main/Netgear/CVE-2022-30078/CVE-202ExploitThird Party Advisory
- https://www.netgear.com/about/security/Vendor Advisory
FAQ
What is CVE-2022-30078?
CVE-2022-30078 is a vulnerability with a CVSS score of 8.8 (HIGH). NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary command ...
How severe is CVE-2022-30078?
CVE-2022-30078 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-30078?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear R6200 Firmware, Netgear R6200, Netgear R6300 Firmware, Netgear R6300.