Details of VAR-202211-1617

ID

VAR-202211-1617

CVE

CVE-2022-44191

TITLE

NETGEAR R7000P KEY1/KEY2 Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-85555

DESCRIPTION

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2. NETGEAR R7000P is a wireless router made by NETGEAR. The vulnerability is due to the lack of length verification of the input data for the KEY1 and KEY2 parameters. Attackers can use this vulnerability to initiate denial of service or remote code execution

Trust: 1.44

sources: NVD: CVE-2022-44191 // CNVD: CNVD-2022-85555

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-85555

AFFECTED PRODUCTS

vendor:	netgear	model:	r7000p	scope:	eq	version:	1.3.1.64	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	eq	version:	v1.3.1.64	Trust: 0.6

sources: CNVD: CNVD-2022-85555 // NVD: CVE-2022-44191

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-44191
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2022-85555
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202211-3300
value:	CRITICAL
Trust: 0.6

CNVD:	CNVD-2022-85555
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-44191
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-85555 // CNNVD: CNNVD-202211-3300 // NVD: CVE-2022-44191

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.0

sources: NVD: CVE-2022-44191

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-3300

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202211-3300

PATCH

title:	Patch for NETGEAR R7000P KEY1/KEY2 parameter buffer overflow vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/364856	Trust: 0.6
title:	NETGEAR R7000P Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=215388	Trust: 0.6

sources: CNVD: CNVD-2022-85555 // CNNVD: CNNVD-202211-3300

EXTERNAL IDS

db:	NVD	id:	CVE-2022-44191	Trust: 2.2
db:	CNVD	id:	CNVD-2022-85555	Trust: 0.6
db:	CNNVD	id:	CNNVD-202211-3300	Trust: 0.6

sources: CNVD: CNVD-2022-85555 // CNNVD: CNNVD-202211-3300 // NVD: CVE-2022-44191

REFERENCES

url:	https://github.com/robinwang825/iot_vuln/tree/main/netgear/r7000p/8	Trust: 2.2
url:	https://www.netgear.com/about/security/	Trust: 1.6
url:	https://cxsecurity.com/cveshow/cve-2022-44191/	Trust: 0.6

sources: CNVD: CNVD-2022-85555 // CNNVD: CNNVD-202211-3300 // NVD: CVE-2022-44191

SOURCES

db:	CNVD	id:	CNVD-2022-85555
db:	CNNVD	id:	CNNVD-202211-3300
db:	NVD	id:	CVE-2022-44191

LAST UPDATE DATE

2024-08-14T15:26:58.361000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-85555	date:	2022-12-07T00:00:00
db:	CNNVD	id:	CNNVD-202211-3300	date:	2022-11-24T00:00:00
db:	NVD	id:	CVE-2022-44191	date:	2022-11-23T19:37:37.857

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-85555	date:	2022-12-07T00:00:00
db:	CNNVD	id:	CNNVD-202211-3300	date:	2022-11-22T00:00:00
db:	NVD	id:	CVE-2022-44191	date:	2022-11-22T14:15:13.187