CVE-2022-30079
HIGHNetgear R6200 v2 - Authenticated OS Command Injection via acos_service Binary
Title source: llmDescription
Command injection vulnerability was discovered in Netgear R6200 v2 firmware through R6200v2-V1.0.3.12 via binary /sbin/acos_service that could allow remote authenticated attackers the ability to modify values in the vulnerable parameter.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_misc
https://www.netgear.com/about/security/
Broken Link, URL Repurposed x_refsource_misc
http://r6200v2.com
Exploit, Third Party Advisory x_refsource_misc
https://github.com/10TG/vulnerabilities/blob/main/Netgear/CVE-2022-30079/CVE-2022-30079.md
Product x_refsource_misc
http://netgear.com
Scores
CVSS v3
8.8
EPSS
0.1097
EPSS Percentile
93.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
netgear/r6200
r6200v2-v1.0.3.12
Published
Sep 08, 2022
Tracked Since
Feb 18, 2026