CVE-2022-24655
 
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication.
Se presenta una vulnerabilidad de desbordamiento de pila en el servicio upnpd de Netgear EX6100v1 versión 201.0.2.28, CAX80 versión 2.1.2.6 y DC112A versión 1.0.0.62, que puede conllevar a una ejecución de código arbitrario sin autenticación
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-02-07 CVE Reserved
- 2022-03-18 CVE Published
- 2024-06-09 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://github.com/doudoudedi/Netgear_product_stack_overflow/blob/main/NETGEAR%20EX%20series%20upnpd%20stack_overflow.md | 2024-08-03 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Netgear Search vendor "Netgear" | Ex6100 Firmware Search vendor "Netgear" for product "Ex6100 Firmware" | 201.0.2.28 Search vendor "Netgear" for product "Ex6100 Firmware" and version "201.0.2.28" | - |
Affected
| in | Netgear Search vendor "Netgear" | Ex6100 Search vendor "Netgear" for product "Ex6100" | - | - |
Safe
|
Netgear Search vendor "Netgear" | Ex6200 Firmware Search vendor "Netgear" for product "Ex6200 Firmware" | * | - |
Affected
| in | Netgear Search vendor "Netgear" | Ex6200 Search vendor "Netgear" for product "Ex6200" | - | - |
Safe
|
Netgear Search vendor "Netgear" | Cax80 Firmware Search vendor "Netgear" for product "Cax80 Firmware" | 2.1.2.6 Search vendor "Netgear" for product "Cax80 Firmware" and version "2.1.2.6" | - |
Affected
| in | Netgear Search vendor "Netgear" | Cax80 Search vendor "Netgear" for product "Cax80" | - | - |
Safe
|
Netgear Search vendor "Netgear" | Dc112a Firmware Search vendor "Netgear" for product "Dc112a Firmware" | 1.0.0.62 Search vendor "Netgear" for product "Dc112a Firmware" and version "1.0.0.62" | - |
Affected
| in | Netgear Search vendor "Netgear" | Dc112a Search vendor "Netgear" for product "Dc112a" | - | - |
Safe
|