CVE-2022-30078 The R6200_V2 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 are vulnerable to a command injection attack.

CVE-2017-18203 has been assigned to this issue. A remote attacker could leverage these issues to execute arbitrary code on the affected device. In addition, these issues could be abused to cause denial of service on the affected device. These issues have been fixed in the latest R6200_V2 firmware through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware through R6300v2-V1.0.4.52_10.0.93. GE has assigned the CVE-2017-18203 to these issues. A remote attacker could leverage these issues to execute arbitrary code on the affected device. In addition, these issues could be abused to cause denial of service on the affected device. These issues have been fixed in the latest R6200_V2 firmware through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware through R6300v2-V1.0.4.52_10.0.93. CVE-2017-18204 has been assigned to this issue. A remote attacker could leverage these issues to obtain sensitive information on the affected device. In addition, these issues could be abused to cause denial of service on the affected device. These issues have been fixed in the latest R6200_V2 firmware through R6200v2-V1.0

Affected Products

The following products are vulnerable to these issues and have been patched:
- R6200_V2 firmware through R6200v2-V1.0.3.12_10.1.11
- R6300_V2 firmware through R6300v2-V1.0.4.52_10.0.93
GE has assigned the CVE-2017-18203 to these issues and has released a firmware update for all affected devices:

https://www.ge-solutions.com/support/software/firmwares

B UG

GE has assigned the CVE-2017-18204 to these issues. A remote attacker could leverage these issues to obtain sensitive information on the affected device. In addition, these issues could be abused to cause denial of service on the affected device. These issues have been fixed in the latest R6200_V2 firmware through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware through R6300v2-V1.0.4.52_10.0.93.

Keywords: Cisco ASA Software, Cisco Firewall, Denial of Service, Vulnerability

A remote attacker could leverage these issues to obtain sensitive information on the affected device. In addition, these issues could be abused to cause denial of service on the affected device. These issues have been fixed in the latest R6200_V2 firmware through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware through R6300v2-V1.0.4.52_10.0.93

Timeline

Published on: 09/07/2022 19:15:00 UTC
Last modified on: 09/12/2022 18:36:00 UTC

References

• https://github.com/10TG/vulnerabilities/blob/main/Netgear/CVE-2022-30078/CVE-2022-30078.md
• https://www.netgear.com/about/security/
• http://r6200v2.com
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30078