CVE-2022-48176 — HIGH (7.8)

Q: What is CVE-2022-48176?

CVE-2022-48176 is a vulnerability with a CVSS score of 7.8 (HIGH). Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow.

Q: How severe is CVE-2022-48176?

CVE-2022-48176 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-48176?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear R7000P Firmware, Netgear R7000P, Netgear R6900P Firmware, Netgear R6900P, Netgear R7960P Firmware.

Vulnerability Description

Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netgear	R7000P Firmware	< 1.3.3.154
Netgear	R7000P	-
Netgear	R6900P Firmware	< 1.3.3.154
Netgear	R6900P	-
Netgear	R7960P Firmware	< 1.4.4.94
Netgear	R7960P	-
Netgear	R8000P Firmware	< 1.4.4.94
Netgear	R8000P	-
Netgear	Mr60 Firmware	< 1.1.7.132
Netgear	Mr60	-
Netgear	Ms60 Firmware	< 1.1.7.132
Netgear	Ms60	-

Related Weaknesses (CWE)

CWE-787

References

https://hdwsec.fr/blog/20221109-netgear/Broken Link
https://kb.netgear.com/000065242/Security-Advisory-for-Pre-authentication-Stack-PatchVendor Advisory
https://www.netgear.com/about/security/Vendor Advisory
https://hdwsec.fr/blog/20221109-netgear/Broken Link
https://kb.netgear.com/000065242/Security-Advisory-for-Pre-authentication-Stack-PatchVendor Advisory
https://www.netgear.com/about/security/Vendor Advisory

FAQ

What is CVE-2022-48176?

CVE-2022-48176 is a vulnerability with a CVSS score of 7.8 (HIGH). Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow.

How severe is CVE-2022-48176?

CVE-2022-48176 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-48176?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear R7000P Firmware, Netgear R7000P, Netgear R6900P Firmware, Netgear R6900P, Netgear R7960P Firmware.