Vulnerabilities > Netgear > R8500 Firmware > 1.0.2.158

DATE CVE VULNERABILITY TITLE RISK
2022-03-26 CVE-2022-27945 OS Command Injection vulnerability in Netgear R8500 Firmware 1.0.2.158
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi.
network
low complexity
netgear CWE-78
critical
 9.0
9.0
2022-03-26 CVE-2022-27946 OS Command Injection vulnerability in Netgear R8500 Firmware 1.0.2.158
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi.
network
low complexity
netgear CWE-78
critical
 9.0
9.0
2022-03-26 CVE-2022-27947 OS Command Injection vulnerability in Netgear R8500 Firmware 1.0.2.158
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter.
network
low complexity
netgear CWE-78
critical
 9.0
9.0