Lucene search

[email protected]NVD:CVE-2022-46423

HistoryDec 20, 2022 - 8:15 p.m.

CVE-2022-46423

2022-12-2020:15:10

[email protected]

web.nvd.nist.gov

exploitable firmware

mitm attack

crc check bypass

arbitrary code execution

dos

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

50.9%

JSON

An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v1.2.3.7 and earlier.

Affected configurations

Nvd

Node

netgearwnr2000_firmwareRange≤1.2.3.7

AND

netgearwnr2000Match1.0

VendorProductVersionCPE
netgearwnr2000_firmware*cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*
netgearwnr20001.0cpe:2.3:h:netgear:wnr2000:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	wnr2000_firmware	*	cpe:2.3:o:netgear:wnr2000_firmware::::::::
netgear	wnr2000	1.0	cpe:2.3:h:netgear:wnr2000:1.0:::::::*

References

hackmd.io/%40slASVrz_SrW7NQCsunofeA/BktKl8ZDo

www.netgear.com/about/security/

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

50.9%

JSON

Related for NVD:CVE-2022-46423

cve1 cvelist1 prion1