Arbitrary Command Execution Vulnerability in NETGEAR R8500 1.0.2.158 Devices

Arbitrary Command Execution Vulnerability in NETGEAR R8500 1.0.2.158 Devices

CVE-2022-27947 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter.

Learn more about our User Device Pen Test.