CVE-2022-36429

Published: Mar 21, 2023Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.

Affected (1)

Products: Netgear: Rbs750 Firmware

1 product

Rbs750 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbs750 Firmware	Version 4.6.8.5

Running on/with	Platform Versions
Netgear Rbs750	All versions

Related CWEs

Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

References (5)

https://kb.netgear.com/000065424/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0188

Source: talos-cna@cisco.com

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1597

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://kb.netgear.com/000065424/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0188

Source: af854a3a-2127-422b-91ae-364da2661108

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1597

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1597

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.