Cyber Resilience

CVE-2022-30079

High · Public PoC · RCE

Published: 08 September 2022

Modified: 21 November 2024
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1097 (93.6th percentile)
Risk Priority: 24 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-30079 is a high-severity OS Command Injection (CWE-78) vulnerability in Netgear R6200. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 6.4% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

Command injection vulnerability CVE-2022-30079 affects Netgear R6200 v2 firmware versions through R6200v2-V1.0.3.12 and resides in the /sbin/acos_service binary. The flaw, tracked under CWE-78, permits modification of a vulnerable parameter and carries a CVSS 3.1 score of 8.8 reflecting network attack vector, low complexity, and low required privileges.

Remote authenticated attackers can supply crafted input to the affected binary and achieve command injection, resulting in high impact on confidentiality, integrity, and availability of the device. Exploitation requires valid credentials but no user interaction, enabling an attacker to execute arbitrary commands on the router.

The EPSS score for this CVE reached a peak of 0.2316 after disclosure and currently stands at 0.1097, indicating a material rise that signals emerging exploitation interest following public release. Netgear maintains a security advisory page and product support resources that practitioners should consult for any available firmware updates or configuration guidance.

Vulnerability details

Command injection vulnerability was discovered in Netgear R6200 v2 firmware through R6200v2-V1.0.3.12 via binary /sbin/acos_service that could allow remote authenticated attackers the ability to modify values in the vulnerable parameter.

CWE(s)

CWE-78 (OS Command Injection)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

netgear
r6200
r6200v2-v1.0.3.12

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.
