
CVSS: 8.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means. • https://www.tenable.com/security/research/tra-2022-37 • CWE-287: Improper Authentication •

CVSS: 10.0 | EPSS: 0% | CPEs: 2 | EXPL: 1

A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do not appear to be applied to the WAN interface for IPv6. This allows arbitrary access to any services running on the device that may be inadvertently listening via IPv6, such as the SSH and Telnet servers spawned on ports 22 and 23 by default. This misconfiguration could allow an attacker to interact with services only intended to be accessible by clients on the local network. • https://www.synacktiv.com/en/publications/cool-vulns-dont-live-long-netgear-and-pwn2own.html https://www.tenable.com/security/research/tra-2022-36%2C •

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: starthour, startminute, endhour, and endminute. • https://github.com/RobinWang825/IoT_vuln/tree/main/Netgear/R7000P/10 https://www.netgear.com/about/security • CWE-787: Out-of-bounds Write •

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. • https://github.com/RobinWang825/IoT_vuln/tree/main/Netgear/R7000P/15 https://www.netgear.com/about/security • CWE-787: Out-of-bounds Write •

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter enable_band_steering. • https://github.com/RobinWang825/IoT_vuln/tree/main/Netgear/R7000P/6 https://www.netgear.com/about/security • CWE-787: Out-of-bounds Write •