CVE-2022-38955

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the CRC check. A successful attack can either introduce a backdoor to the device or make the device DoS. This affects Firmware Version: 1.1.1_1.1.9.

Se ha detectado una vulnerabilidad de modificación del firmware explotable en el extensor de rango WiFi WPN824EXT de Netgear. Un atacante puede llevar a cabo un ataque de tipo MITM para modificar la imagen de firmware cargada por el usuario y omitir la comprobación CRC. Un ataque con éxito puede introducir una puerta trasera en el dispositivo o hacer que el dispositivo sea DoS. Esto afecta a la versión de firmware: 1.1.1_1.1.9

*Credits: N/A

CVSS Scores

NISTv3.1 7.5

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-08-29 CVE Reserved
2022-09-20 CVE Published
2024-04-12 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-354: Improper Validation of Integrity Check Value

CAPEC

References (2)

URL	Tag	Source
https://hackmd.io/%40eupX2KdkT6iNpqJUWk9p4A/SyAnOSd1s	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.netgear.com/about/security	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Netgear Search vendor "Netgear"	Wpn824ext Firmware Search vendor "Netgear" for product "Wpn824ext Firmware"	1.1.1_1.1.9 Search vendor "Netgear" for product "Wpn824ext Firmware" and version "1.1.1_1.1.9"	-	Affected	in	Netgear Search vendor "Netgear"	Wpn824ext Search vendor "Netgear" for product "Wpn824ext"	-	-	Safe