exploitDog

CVE-2022-38955

Опубликовано: 20 сент. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the CRC check. A successful attack can either introduce a backdoor to the device or make the device DoS. This affects Firmware Version: 1.1.1_1.1.9.

Ссылки

https://hackmd.io/%40eupX2KdkT6iNpqJUWk9p4A/SyAnOSd1s
https://www.netgear.com/about/security/
Vendor Advisory
https://hackmd.io/%40eupX2KdkT6iNpqJUWk9p4A/SyAnOSd1s
https://www.netgear.com/about/security/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:netgear:wpn824ext_firmware:1.1.1_1.1.9:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wpn824ext:-:*:*:*:*:*:*:*

EPSS

Процентиль: 28%

0.00097

Низкий

7.5 High

CVSS3

Дефекты

CWE-354

CWE-354

Связанные уязвимости

GHSA-m2rw-gwp5-6wqw

CVSS3: 7.5

github

больше 3 лет назад

An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the CRC check. A successful attack can either introduce a backdoor to the device or make the device DoS. This affects Firmware Version: 1.1.1_1.1.9.

EPSS

Процентиль: 28%

0.00097

Низкий

7.5 High

CVSS3

Дефекты

CWE-354

CWE-354