Details of VAR-202302-0716

ID

VAR-202302-0716

CVE

CVE-2022-48322

TITLE

Out-of-bounds write vulnerability in multiple Netgear products

Trust: 0.8

sources: JVNDB: JVNDB-2023-003986

DESCRIPTION

NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stack-based buffer overflow vulnerability. This affects MR60 before 1.1.7.132, MS60 before 1.1.7.132, R6900P before 1.3.3.154, R7000P before 1.3.3.154, R7960P before 1.4.4.94, and R8000P before 1.4.4.94. MR60 firmware, MS60 firmware, R6900P Multiple Netgear products, including firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects MR60 prior to 1.1.7.132, MS60 prior to 1.1.7.132, R6900P prior to 1.3.3.154, R7000P prior to 1.3.3.154, R7960P prior to 1.4.4.94, and R8000P prior to 1.4.4.94

Trust: 1.71

sources: NVD: CVE-2022-48322 // JVNDB: JVNDB-2023-003986 // VULMON: CVE-2022-48322

AFFECTED PRODUCTS

vendor:	netgear	model:	mr60	scope:	lt	version:	1.1.7.132	Trust: 1.0
vendor:	netgear	model:	r8000p	scope:	lt	version:	1.4.4.94	Trust: 1.0
vendor:	netgear	model:	r7960p	scope:	lt	version:	1.4.4.94	Trust: 1.0
vendor:	netgear	model:	r6900p	scope:	lt	version:	1.3.3.154	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.3.3.154	Trust: 1.0
vendor:	netgear	model:	ms60	scope:	lt	version:	1.1.7.132	Trust: 1.0
vendor:	ネットギア	model:	r8000p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6900p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ms60	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7960p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7000p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	mr60	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-003986 // NVD: CVE-2022-48322

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-48322
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-48322
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202302-886
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2022-48322
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-48322
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-003986 // CNNVD: CNNVD-202302-886 // NVD: CVE-2022-48322

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-003986 // NVD: CVE-2022-48322

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-886

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202302-886

PATCH

title:

NETGEAR Nighthawk Buffer error vulnerability fix

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=226555

Trust: 0.6

sources: CNNVD: CNNVD-202302-886

EXTERNAL IDS

db:	NVD	id:	CVE-2022-48322	Trust: 3.3
db:	JVNDB	id:	JVNDB-2023-003986	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-886	Trust: 0.6
db:	VULMON	id:	CVE-2022-48322	Trust: 0.1

sources: VULMON: CVE-2022-48322 // JVNDB: JVNDB-2023-003986 // CNNVD: CNNVD-202302-886 // NVD: CVE-2022-48322

REFERENCES

url:	https://kb.netgear.com/000065265/security-advisory-for-pre-authentication-buffer-overflow-on-multiple-products-psv-2022-0155	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-48322	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-48322/	Trust: 0.6
url:	https://github.com/live-hack-cve/cve-2022-48322	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2022-48322 // JVNDB: JVNDB-2023-003986 // CNNVD: CNNVD-202302-886 // NVD: CVE-2022-48322

SOURCES

db:	VULMON	id:	CVE-2022-48322
db:	JVNDB	id:	JVNDB-2023-003986
db:	CNNVD	id:	CNNVD-202302-886
db:	NVD	id:	CVE-2022-48322

LAST UPDATE DATE

2024-08-14T13:21:06.769000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-48322	date:	2023-02-13T00:00:00
db:	JVNDB	id:	JVNDB-2023-003986	date:	2023-10-25T02:51:00
db:	CNNVD	id:	CNNVD-202302-886	date:	2023-02-24T00:00:00
db:	NVD	id:	CVE-2022-48322	date:	2023-02-23T05:14:48.453

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-48322	date:	2023-02-13T00:00:00
db:	JVNDB	id:	JVNDB-2023-003986	date:	2023-10-25T00:00:00
db:	CNNVD	id:	CNNVD-202302-886	date:	2023-02-13T00:00:00
db:	NVD	id:	CVE-2022-48322	date:	2023-02-13T05:15:13.227