Arbitrary Command Execution Vulnerability in NETGEAR R8500 1.0.2.158

CVE-2022-27945 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi.

Learn more about our User Device Pen Test.