CVE-2022-38452

Published: Mar 21, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.

Affected (1)

Products: Netgear: Rbs750 Firmware

1 product

Rbs750 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbs750 Firmware	Version 4.6.8.5

Running on/with	Platform Versions
Netgear Rbs750	All versions

Related CWEs

Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

References (5)

https://kb.netgear.com/000065567/Security-Advisory-for-Post-authentication-Command-Injection-on-the-RBR750-PSV-2022-0186

Source: talos-cna@cisco.com

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1595

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://kb.netgear.com/000065567/Security-Advisory-for-Post-authentication-Command-Injection-on-the-RBR750-PSV-2022-0186

Source: af854a3a-2127-422b-91ae-364da2661108

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1595

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1595

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.