CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38955
https://notcve.org/view.php?id=CVE-2022-38955
An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the CRC check. A successful attack can either introduce a backdoor to the device or make the device DoS. This affects Firmware Version: 1.1.1_1.1.9. Se ha detectado una vulnerabilidad de modificación del firmware explotable en el extensor de rango WiFi WPN824EXT de Netgear. • https://hackmd.io/%40eupX2KdkT6iNpqJUWk9p4A/SyAnOSd1s https://www.netgear.com/about/security • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38956
https://notcve.org/view.php?id=CVE-2022-38956
An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to replace the user-uploaded firmware image with an original old firmware image. This affects Firmware 1.1.1_1.1.9 and earlier. Se ha detectado una vulnerabilidad explotable de downgrade de firmware en el extensor de rango WiFi WPN824EXT de Netgear. Un atacante puede llevar a cabo un ataque de tipo MITM para sustituir la imagen de firmware descargada por el usuario por una imagen de firmware antigua original. • https://hackmd.io/%40eupX2KdkT6iNpqJUWk9p4A/SyAnOSd1s https://www.netgear.com/about/security • CWE-354: Improper Validation of Integrity Check Value •