First published: Sat Mar 26 2022(Updated: )
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Netgear R8500 Firmware | =1.0.2.158 | |
NETGEAR R8500 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-27946 is a vulnerability that allows remote authenticated users to execute arbitrary commands on NETGEAR R8500 1.0.2.158 devices.
CVE-2022-27946 has a severity rating of 8.8 out of 10, which is considered critical.
CVE-2022-27946 affects NETGEAR R8500 firmware version 1.0.2.158.
Remote authenticated users can exploit CVE-2022-27946 by using shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi.
No, NETGEAR R8500 devices are not vulnerable to CVE-2022-27946.