Lucene search

[email protected]CVE-2022-27945

HistoryMar 26, 2022 - 5:15 p.m.

CVE-2022-27945

2022-03-2617:15:10

CWE-78

[email protected]

web.nvd.nist.gov

121

cve-2022-27945

netgear

r8500

command execution

remote authentication

nvd

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.9%

JSON

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi.

Affected configurations

NVD

Node

netgearr8500_firmwareMatch1.0.2.158

AND

netgearr8500Match-

CPENameOperatorVersion
netgear:r8500_firmwarenetgear r8500 firmwareeq1.0.2.158

CPE	Name	Operator	Version
netgear:r8500_firmware	netgear r8500 firmware	eq	1.0.2.158

References

github.com/donothingme/VUL/blob/main/vul2/2.md

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.9%

JSON

Related for CVE-2022-27945

prion1 nvd1 cvelist1