cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-27946,https://securityvulnerability.io/vulnerability/CVE-2022-27946,Command Injection Vulnerability in NETGEAR R8500 Devices,"NETGEAR R8500 devices running firmware version 1.0.2.158 are susceptible to a command injection vulnerability. This issue arises when remote authenticated users can manipulate shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters through the admin_account.cgi interface. By exploiting this vulnerability, attackers may execute arbitrary commands on the device, potentially compromising the system's integrity and security.",Netgear,R8500 Firmware,8.8,HIGH,0.0020800000056624413,false,,false,false,false,,,false,false,,2022-03-26T16:14:03.000Z,0
CVE-2022-27947,https://securityvulnerability.io/vulnerability/CVE-2022-27947,Remote Command Execution in NETGEAR R8500 Router,"The NETGEAR R8500 router, particularly version 1.0.2.158, is vulnerable to a remote command execution flaw. This issue arises from improper handling of shell metacharacters in various parameters, including ipv6_fix.cgi's ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length. Authenticated users can exploit this vulnerability to execute arbitrary commands on the device, potentially compromising network security.",Netgear,R8500 Firmware,8.8,HIGH,0.0020800000056624413,false,,false,false,false,,,false,false,,2022-03-26T16:13:45.000Z,0
CVE-2022-27945,https://securityvulnerability.io/vulnerability/CVE-2022-27945,Arbitrary Command Execution in NETGEAR R8500 Devices,"NETGEAR R8500 devices running firmware version 1.0.2.158 are susceptible to a significant security vulnerability that enables remote authenticated users to execute arbitrary commands. This exploitation can occur via the sysNewPasswd and sysConfirmPasswd parameters in the password.cgi script, which improperly handles shell metacharacters. As a result, malicious actors could leverage this flaw to gain unauthorized access and control of the device, highlighting the importance of securing user inputs in web applications.",Netgear,R8500 Firmware,8.8,HIGH,0.0020800000056624413,false,,false,false,false,,,false,false,,2022-03-26T16:13:33.000Z,0
CVE-2017-18865,https://securityvulnerability.io/vulnerability/CVE-2017-18865,,Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8300 before 1.0.2.104 and R8500 before 1.0.2.104.,Netgear,R8500 Firmware,6.8,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-05-05T13:48:11.000Z,0
CVE-2019-20739,https://securityvulnerability.io/vulnerability/CVE-2019-20739,,NETGEAR R8500 devices before v1.0.2.128 are affected by a buffer overflow by an unauthenticated attacker.,Netgear,R8500 Firmware,4.3,MEDIUM,0.0007900000200606883,false,,false,false,false,,,false,false,,2020-04-16T19:18:29.000Z,0