ID

VAR-202212-2397


CVE

CVE-2022-48196


TITLE

Classic buffer overflow vulnerability in multiple NETGEAR devices

Trust: 0.8

sources: JVNDB: JVNDB-2022-004429

DESCRIPTION

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94. Multiple NETGEAR devices contain a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2022-48196 // JVNDB: JVNDB-2022-004429 // VULMON: CVE-2022-48196

AFFECTED PRODUCTS

vendor: netgear, model: rax35, scope: lt, version: 1.0.2.60

Trust: 1.0

vendor: netgear, model: r6400v2, scope: lt, version: 1.0.4.122

Trust: 1.0

vendor: netgear, model: rax40, scope: lt, version: 1.0.2.60

Trust: 1.0

vendor: netgear, model: r6700v3, scope: lt, version: 1.0.4.122

Trust: 1.0

vendor: netgear, model: r7000p, scope: lt, version: 1.3.3.152

Trust: 1.0

vendor: netgear, model: r7000, scope: lt, version: 1.0.11.136

Trust: 1.0

vendor: netgear, model: r6900p, scope: lt, version: 1.3.3.152

Trust: 1.0

vendor: netgear, model: r8000p, scope: lt, version: 1.4.4.94

Trust: 1.0

vendor: netgear, model: r7960p, scope: lt, version: 1.4.4.94

Trust: 1.0

vendor: ネットギア, model: rax40, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: r6700v3, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: r8000p, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: rax35, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: r6900p, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: r7000, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: r6400v2, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: r7960p, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: r7000p, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-004429 // NVD: CVE-2022-48196

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-48196
value: CRITICAL

Trust: 1.0

cve@mitre.org: CVE-2022-48196
value: HIGH

Trust: 1.0

NVD: CVE-2022-48196
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202212-4129
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-48196
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2022-48196
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-48196
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-004429 // CNNVD: CNNVD-202212-4129 // NVD: CVE-2022-48196 // NVD: CVE-2022-48196

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype: Classic buffer overflow (CWE-120) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-004429 // NVD: CVE-2022-48196

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-4129

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-4129

PATCH

title: Security Advisory for Pre-Authentication Buffer Overflow on Some Routers, PSV-2019-0208
url: https://kb.netgear.com/000065495/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2019-0208

Trust: 0.8

title: Multiple NETGEAR product Security vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=220822

Trust: 0.6

sources: JVNDB: JVNDB-2022-004429 // CNNVD: CNNVD-202212-4129

EXTERNAL IDS

db: NVD, id: CVE-2022-48196

Trust: 3.3

db: JVNDB, id: JVNDB-2022-004429

Trust: 0.8

db: CNNVD, id: CNNVD-202212-4129

Trust: 0.6

db: VULMON, id: CVE-2022-48196

Trust: 0.1

sources: VULMON: CVE-2022-48196 // JVNDB: JVNDB-2022-004429 // CNNVD: CNNVD-202212-4129 // NVD: CVE-2022-48196

REFERENCES

url:https://www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-recently-fixed-wifi-router-bug/

Trust: 2.5

url:https://kb.netgear.com/000065495/security-advisory-for-pre-authentication-buffer-overflow-on-some-routers-psv-2019-0208

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-48196

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-48196/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-48196 // JVNDB: JVNDB-2022-004429 // CNNVD: CNNVD-202212-4129 // NVD: CVE-2022-48196

SOURCES

db: VULMON, id: CVE-2022-48196
db: JVNDB, id: JVNDB-2022-004429
db: CNNVD, id: CNNVD-202212-4129
db: NVD, id: CVE-2022-48196

LAST UPDATE DATE

2024-08-14T15:32:21.928000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2022-48196, date: 2022-12-30T00:00:00
db: JVNDB, id: JVNDB-2022-004429, date: 2023-04-11T07:53:00
db: CNNVD, id: CNNVD-202212-4129, date: 2023-01-11T00:00:00
db: NVD, id: CVE-2022-48196, date: 2023-01-10T14:57:15.340

SOURCES RELEASE DATE

db: VULMON, id: CVE-2022-48196, date: 2022-12-30T00:00:00
db: JVNDB, id: JVNDB-2022-004429, date: 2023-04-11T00:00:00
db: CNNVD, id: CNNVD-202212-4129, date: 2022-12-30T00:00:00
db: NVD, id: CVE-2022-48196, date: 2022-12-30T08:15:07.900