Lucene search

MitreCVELIST:CVE-2022-46424

HistoryDec 20, 2022 - 12:00 a.m.

CVE-2022-46424

2022-12-2000:00:00

mitre

www.cve.org

netgear

xwn5001

powerline

wifi

firmware

vulnerability

arbitrary code execution

mitm attack

crc check

dos

cve-2022-46424

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

50.9%

JSON

An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v0.4.1.1 and earlier.

References

hackmd.io/%40slASVrz_SrW7NQCsunofeA/B1rKQuzDj

www.netgear.com/about/security/