CVE-2022-48196

Published: Dec 30, 2022Modified: Apr 10, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.

Affected (9)

Products: Netgear: Rax40 Firmware, Rax35 Firmware, R6400v2 Firmware, R6700v3 Firmware, R6900p Firmware, R7000p Firmware, R7000 Firmware, R7960p Firmware, R8000p Firmware

9 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rax40 Firmware	Before 1.0.2.60

Running on/with	Platform Versions
Netgear Rax40	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rax35 Firmware	Before 1.0.2.60

Running on/with	Platform Versions
Netgear Rax35	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6400v2 Firmware	Before 1.0.4.122

Running on/with	Platform Versions
Netgear R6400v2	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6700v3 Firmware	Before 1.0.4.122

Running on/with	Platform Versions
Netgear R6700v3	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6900p Firmware	Before 1.3.3.152

Running on/with	Platform Versions
Netgear R6900p	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7000p Firmware	Before 1.3.3.152

Running on/with	Platform Versions
Netgear R7000p	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7000 Firmware	Before 1.0.11.136

Running on/with	Platform Versions
Netgear R7000	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7960p Firmware	Before 1.4.4.94

Running on/with	Platform Versions
Netgear R7960p	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R8000p Firmware	Before 1.4.4.94

Running on/with	Platform Versions
Netgear R8000p	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

https://kb.netgear.com/000065495/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2019-0208

Source: cve@mitre.org

PatchVendor Advisory

https://www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-recently-fixed-wifi-router-bug/

Source: cve@mitre.org

PatchThird Party Advisory

https://kb.netgear.com/000065495/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2019-0208

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-recently-fixed-wifi-router-bug/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.