CVE-2022-27947
Published: 26 March 2022
Summary
CVE-2022-27947 is a high-severity OS Command Injection (CWE-78) vulnerability in Netgear R8500 Firmware. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 10.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
NETGEAR R8500 devices running firmware version 1.0.2.158 contain a command-injection vulnerability tracked as CVE-2022-27947 and assigned CWE-78. The flaw resides in the ipv6_fix.cgi endpoint, where the ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, and ipv6_lan_length parameters are passed to the shell without proper sanitization, allowing arbitrary command execution.
Remote authenticated users can supply shell metacharacters in any of the four parameters to run commands such as starting a telnet daemon. With a CVSS score of 8.8, successful exploitation grants the attacker full control over confidentiality, integrity, and availability on the affected device.
The two provided references point to the same GitHub repository containing vulnerability details but do not describe official patches or mitigation steps from the vendor. The EPSS score reached a modest peak of 0.0644 in late 2025 before receding to its current value of 0.0500, indicating limited sustained exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-32435
Vulnerability details
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.