Lucene search

[email protected]CVE-2022-48196

HistoryDec 30, 2022 - 8:15 a.m.

CVE-2022-48196

2022-12-3008:15:07

CWE-120

[email protected]

web.nvd.nist.gov

cve-2022-48196

netgear

buffer overflow

security vulnerability

unauthenticated attacker

rax40

rax35

r6400v2

r6700v3

r6900p

r7000p

r7000

r7960p

r8000p

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.9%

JSON

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.

Affected configurations

NVD

Node

netgearrax40_firmwareRange<1.0.2.60

AND

netgearrax40Match-

Node

netgearrax35_firmwareRange<1.0.2.60

AND

netgearrax35Match-

Node

netgearr6400v2_firmwareRange<1.0.4.122

AND

netgearr6400v2Match-

Node

netgearr6700v3_firmwareRange<1.0.4.122

AND

netgearr6700v3Match-

Node

netgearr6900p_firmwareRange<1.3.3.152

AND

netgearr6900pMatch-

Node

netgearr7000p_firmwareRange<1.3.3.152

AND

netgearr7000pMatch-

Node

netgearr7000_firmwareRange<1.0.11.136

AND

netgearr7000Match-

Node

netgearr7960p_firmwareRange<1.4.4.94

AND

netgearr7960pMatch-

Node

netgearr8000p_firmwareRange<1.4.4.94

AND

netgearr8000pMatch-

CPENameOperatorVersion
netgear:rax40_firmwarenetgear rax40 firmwarelt1.0.2.60

CPE	Name	Operator	Version
netgear:rax40_firmware	netgear rax40 firmware	lt	1.0.2.60

References

kb.netgear.com/000065495/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2019-0208

www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-recently-fixed-wifi-router-bug/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.9%

JSON

Related for CVE-2022-48196

cvelist1 nvd1 prion1