CVE-2022-46424
 
Descriptions
An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v0.4.1.1 and earlier.
Timeline
- 2022-12-05 CVE Reserved
- 2022-12-20 CVE Published
- 2024-07-12 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
References (2)
URL | Tag | Source |
---|---|---|
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/B1rKQuzDj | | |

URL | Date | SRC |
---|---|---|
https://www.netgear.com/about/security | 2023-11-07 | |
Affected Vendors, Products, and Versions
 | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|
 | Netgear | Xwn5001 Firmware | <= 0.4.1.1 | - | Affected |
in | Netgear | Xwn5001 | - | - | Safe |