Vulnerabilities > CVE-2022-24655 - Out-of-bounds Write vulnerability in Netgear products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

netgear

CWE-787

NVD

Published: 2022-03-18

Updated: 2022-03-25

Summary

A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication.

Vulnerable Configurations

Part	Description	Count
OS	Netgear Netgear Ex6100 Firmware 201.0.2.28 Netgear Ex6200 Firmware * Netgear Cax80 Firmware 2.1.2.6 Netgear Dc112A Firmware 1.0.0.62	4
Hardware	Netgear Netgear Ex6100 - Netgear Ex6200 - Netgear Cax80 - Netgear Dc112A -	4

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/doudoudedi/Netgear_product_stack_overflow/blob/main/NETGEAR%20EX%20series%20upnpd%20stack_overflow.md
https://kb.netgear.com/000064615/Security-Advisory-for-Pre-Authentication-Command-Injection-on-EX6100v1-and-Pre-Authentication-Stack-Overflow-on-Multiple-Products-PSV-2021-0282-PSV-2021-0288
https://www.netgear.com/about/security/