Runyuan Mei (maybethetricker)

CVE-2022-30078 WRITEUP HIGH WRITEUP

NETGEAR R6200/R6300 Firmware <1.0.3.12/1.0.4.52 Authenticated OS Command Injection

NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameters.

CVSS 8.8

View Code

CVE-2022-30079 WRITEUP HIGH WRITEUP

Netgear R6200 v2 - Authenticated OS Command Injection via acos_service Binary

Command injection vulnerability was discovered in Netgear R6200 v2 firmware through R6200v2-V1.0.3.12 via binary /sbin/acos_service that could allow remote authenticated attackers the ability to modify values in the vulnerable parameter.

CVSS 8.8

View Code