Vulnerability Details CVE-2022-24655
A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.2%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- https://github.com/doudoudedi/Netgear_product_stack_overflow/blob/main/NETGEAR%20EX%20series%20upnpd%20stack_overflow.md
- https://kb.netgear.com/000064615/Security-Advisory-for-Pre-Authentication-Command-Injection-on-EX6100v1-and-Pre-Authentication-Stack-Overflow-on-Multiple-Products-PSV-2021-0282-PSV-2021-0288
- https://www.netgear.com/about/security/
- https://github.com/doudoudedi/Netgear_product_stack_overflow/blob/main/NETGEAR%20EX%20series%20upnpd%20stack_overflow.md
- https://kb.netgear.com/000064615/Security-Advisory-for-Pre-Authentication-Command-Injection-on-EX6100v1-and-Pre-Authentication-Stack-Overflow-on-Multiple-Products-PSV-2021-0282-PSV-2021-0288
- https://www.netgear.com/about/security/
Products affected by CVE-2022-24655
-
cpe:2.3:h:netgear:cax80:-
-
cpe:2.3:h:netgear:dc112a:-
-
cpe:2.3:h:netgear:ex6100:-
-
cpe:2.3:h:netgear:ex6200:-
-
cpe:2.3:o:netgear:cax80_firmware:2.1.2.6
-
cpe:2.3:o:netgear:dc112a_firmware:1.0.0.62
-
cpe:2.3:o:netgear:ex6100_firmware:201.0.2.28
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.1.44
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.1.50
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.1.52
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.1.56
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.1.62
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.1.64
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.1.72
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.1.74
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.1.78
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.1.82
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.1.90
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.3.82_1.1.117
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.3.84
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.3.86
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.3.88
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.3.94