CVE-2022-36429

2023-03-2117:41:25

CWE-912

talos

github.com

vulnerability

command execution

netgear orbi satellite

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation

poc

Automatable

Technical Impact

total

JSON

A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:netgear:rbs750_firmware:4.6.8.5:*:*:*:*:*:*:*"
    ],
    "vendor": "netgear",
    "product": "rbs750_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "4.6.8.5"
      }
    ],
    "defaultStatus": "unknown"
  }
]