CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38955
https://notcve.org/view.php?id=CVE-2022-38955
An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the CRC check. A successful attack can either introduce a backdoor to the device or make the device DoS. This affects Firmware Version: 1.1.1_1.1.9. Se ha detectado una vulnerabilidad de modificación del firmware explotable en el extensor de rango WiFi WPN824EXT de Netgear. • https://hackmd.io/%40eupX2KdkT6iNpqJUWk9p4A/SyAnOSd1s https://www.netgear.com/about/security • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38956
https://notcve.org/view.php?id=CVE-2022-38956
An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to replace the user-uploaded firmware image with an original old firmware image. This affects Firmware 1.1.1_1.1.9 and earlier. Se ha detectado una vulnerabilidad explotable de downgrade de firmware en el extensor de rango WiFi WPN824EXT de Netgear. Un atacante puede llevar a cabo un ataque de tipo MITM para sustituir la imagen de firmware descargada por el usuario por una imagen de firmware antigua original. • https://hackmd.io/%40eupX2KdkT6iNpqJUWk9p4A/SyAnOSd1s https://www.netgear.com/about/security • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 8.8EPSS: 12%CPEs: 2EXPL: 1CVE-2022-30079
https://notcve.org/view.php?id=CVE-2022-30079
Command injection vulnerability was discovered in Netgear R6200 v2 firmware through R6200v2-V1.0.3.12 via binary /sbin/acos_service that could allow remote authenticated attackers the ability to modify values in the vulnerable parameter. Se ha detectado una vulnerabilidad de inyección de comandos en el firmware Netgear R6200 v2 por medio de R6200v2-V1.0.3.12, por medio del binario /sbin/acos_service, que podría permitir a atacantes remotos autenticados la capacidad de modificar valores en el parámetro vulnerable • http://netgear.com http://r6200v2.com https://github.com/10TG/vulnerabilities/blob/main/Netgear/CVE-2022-30079/CVE-2022-30079.md https://www.netgear.com/about/security • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34236
https://notcve.org/view.php?id=CVE-2021-34236
Buffer Overflow in Netgear R8000 Router with firmware v1.0.4.56 allows remote attackers to execute arbitrary code or cause a denial-of-service by sending a crafted POST to '/bd_genie_create_account.cgi' with a sufficiently long parameter 'register_country'. Un Desbordamiento de Búfer en el Enrutador Netgear R8000 con versiones de firmware v1.0.4.56, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio mediante el envío de un POST manipulado a "/bd_genie_create_account.cgi" con un parámetro suficientemente largo "register_country" • https://github.com/Davidteeri/Bug-Report/blob/main/netgear-8000.md https://github.com/advisories/GHSA-vfq9-7wg3-4mjx • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 3%CPEs: 4EXPL: 1CVE-2022-30078
https://notcve.org/view.php?id=CVE-2022-30078
NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameters. Las versiones del firmware NETGEAR versiones R6200_V2 hasta R6200v2-V1.0.3.12_10.1.11 y las versiones del firmware R6300_V2 hasta R6300v2-V1.0.4.52_10.0.93, permiten a atacantes remotos autenticados ejecutar un comando arbitrario por medio de meta caracteres de shell en los parámetros ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length o ipv6_lan_length • http://r6200v2.com https://github.com/10TG/vulnerabilities/blob/main/Netgear/CVE-2022-30078/CVE-2022-30078.md https://www.netgear.com/about/security • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •