CVE-2022-30079
Published: 08 September 2022
Summary
CVE-2022-30079 is a high-severity OS Command Injection (CWE-78) vulnerability in Netgear R6200. Its CVSS base score is 8.8 (High).
Operationally, it is ranked in the top 6.4% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
Command injection vulnerability CVE-2022-30079 affects Netgear R6200 v2 firmware versions through R6200v2-V1.0.3.12 and resides in the /sbin/acos_service binary. The flaw, tracked under CWE-78, permits modification of a vulnerable parameter and carries a CVSS 3.1 score of 8.8 reflecting network attack vector, low complexity, and low required privileges.
Remote authenticated attackers can supply crafted input to the affected binary and achieve command injection, resulting in high impact on confidentiality, integrity, and availability of the device. Exploitation requires valid credentials but no user interaction, enabling an attacker to execute arbitrary commands on the router.
The EPSS score for this CVE reached a peak of 0.2316 after disclosure and currently stands at 0.1097, indicating a material rise that signals emerging exploitation interest following public release. Netgear maintains a security advisory page and product support resources that practitioners should consult for any available firmware updates or configuration guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-35293
Vulnerability details
Command injection vulnerability was discovered in Netgear R6200 v2 firmware through R6200v2-V1.0.3.12 via binary /sbin/acos_service that could allow remote authenticated attackers the ability to modify values in the vulnerable parameter.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.