First published: Sat Mar 26 2022
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Netgear R8500 Firmware | =1.0.2.158 | |
NETGEAR R8500 | | |
The vulnerability ID is CVE-2022-27945.
The severity of CVE-2022-27945 is critical with a severity value of 8.8.
Remote authenticated users can exploit CVE-2022-27945 by executing arbitrary commands, such as telnetd, via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi.
The affected software is NETGEAR R8500 1.0.2.158 firmware.
NETGEAR R8500 1.0.2.158 devices are vulnerable to CVE-2022-27945.
The Common Weakness Enumeration (CWE) ID for CVE-2022-27945 is CWE-78.
To fix CVE-2022-27945, it is recommended to update the firmware of NETGEAR R8500 devices to a version that includes a patch for this vulnerability.
More information about CVE-2022-27945 can be found at the following reference: [GitHub - CVE-2022-27945](https://github.com/donothingme/VUL/blob/main/vul2/2.md)