Arbitrary Command Execution Vulnerability in NETGEAR R8500 1.0.2.158 Devices

Arbitrary Command Execution Vulnerability in NETGEAR R8500 1.0.2.158 Devices

CVE-2022-27946 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi.

Learn more about our User Device Pen Test.