Command Injection Vulnerability in Netgear R6220 Router
CVE-2022-42221

8.8HIGH

Key Information:

Vendor: Netgear
Status: R6220 Firmware
Vendor: CVE Published:; 17 October 2022

Summary

The Netgear R6220 Router is exposed to a command injection vulnerability due to incorrect access controls in its handling of requests. This flaw allows attackers to execute arbitrary commands on the device with potentially severe implications for network security. By exploiting this vulnerability, unauthorized users can gain access to sensitive functionalities and systems, underscoring the necessity of prompt updates and active vulnerability management.

References

https://www.netgear.com/about/security/

https://github.com/Cj775995/CVE_Report/tree/main/Netgear/...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2022
Vulnerability Reserved
Oct 3, 2022