Sign-up

ID

VAR-202203-1236


CVE

CVE-2022-24655


TITLE

NETGEAR EX6100v1 Stack Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-28477

DESCRIPTION

A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication. NETGEAR EX6100v1 is a WiFi range extender from Netgear, USA. An attacker could exploit this vulnerability to execute arbitrary code

Trust: 1.44

sources: NVD: CVE-2022-24655 // CNVD: CNVD-2022-28477

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-28477

AFFECTED PRODUCTS

vendor:netgearmodel:dc112ascope:eqversion:1.0.0.62

Trust: 1.6

vendor:netgearmodel:cax80scope:eqversion:2.1.2.6

Trust: 1.6

vendor:netgearmodel:ex6100scope:eqversion:201.0.2.28

Trust: 1.0

vendor:netgearmodel:ex6200scope:eqversion:*

Trust: 1.0

vendor:netgearmodel:ex6100v1scope:eqversion:201.0.2.28

Trust: 0.6

sources: CNVD: CNVD-2022-28477 // NVD: CVE-2022-24655

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-24655
value: HIGH

Trust: 1.0

CNVD: CNVD-2022-28477
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202203-1801
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-24655
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2022-28477
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-24655
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2022-28477 // CNNVD: CNNVD-202203-1801 // NVD: CVE-2022-24655

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

sources: NVD: CVE-2022-24655

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202203-1801

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202203-1801

PATCH

title:Patch for NETGEAR EX6100v1 Stack Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/329376

Trust: 0.6

title:Netgear EX6100v1 Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=186903

Trust: 0.6

sources: CNVD: CNVD-2022-28477 // CNNVD: CNNVD-202203-1801

EXTERNAL IDS

db:NVDid:CVE-2022-24655

Trust: 2.2

db:CNVDid:CNVD-2022-28477

Trust: 0.6

db:CNNVDid:CNNVD-202203-1801

Trust: 0.6

sources: CNVD: CNVD-2022-28477 // CNNVD: CNNVD-202203-1801 // NVD: CVE-2022-24655

REFERENCES

url:https://github.com/doudoudedi/netgear_product_stack_overflow/blob/main/netgear%20ex%20series%20upnpd%20stack_overflow.md

Trust: 1.6

url:https://kb.netgear.com/000064615/security-advisory-for-pre-authentication-command-injection-on-ex6100v1-and-pre-authentication-stack-overflow-on-multiple-products-psv-2021-0282-psv-2021-0288

Trust: 1.6

url:https://www.netgear.com/about/security/

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-24655

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-24655/

Trust: 0.6

sources: CNVD: CNVD-2022-28477 // CNNVD: CNNVD-202203-1801 // NVD: CVE-2022-24655

SOURCES

db:CNVDid:CNVD-2022-28477
db:CNNVDid:CNNVD-202203-1801
db:NVDid:CVE-2022-24655

LAST UPDATE DATE

2024-11-23T23:07:27.486000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-28477date:2022-04-13T00:00:00
db:CNNVDid:CNNVD-202203-1801date:2022-03-28T00:00:00
db:NVDid:CVE-2022-24655date:2024-11-21T06:50:48.120

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-28477date:2022-04-13T00:00:00
db:CNNVDid:CNNVD-202203-1801date:2022-03-18T00:00:00
db:NVDid:CVE-2022-24655date:2022-03-18T11:15:08.010