CVE-2022-27946

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi.
References
Link Resource
https://github.com/donothingme/VUL/blob/main/vul3/3.md Exploit Patch Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:r8500_firmware:1.0.2.158:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*

Information

Published : 2022-03-26 10:15

Updated : 2022-03-30 18:00


NVD link : CVE-2022-27946

Mitre link : CVE-2022-27946


JSON object : View

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

dedicated server usa

Products Affected

netgear

  • r8500_firmware
  • r8500