High
CVE-2022-30079 CVSS:8.8
NETGEAR R6200_v2 could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection vulnerability in the /sbin/acos_service binary. An attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2022-30078 CVSS:9.8
NETGEAR R6200v2 and NETGEAR R6300v2 could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the ipv6_fix.cgi script. By sending a specially-crafted request using shell metacharacters in the ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameters, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
Refer to NETGEAR Website for patch, upgrade or suggested workaround information.