CVE-2022-36429 — Hidden Functionality in Netgear Orbi Satellite Rbs750

CWE-912 — Hidden Functionality3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.5%

top 34.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Orbi Satellite Rbs750 Netgear Rbs750 Firmware

Timeline

PublishedMar 21

Description

A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5netgear/orbi_satellite_rbs7504.6.8.5

▶NVDnetgear/rbs750_firmware4.6.8.5

🔴Vulnerability Details

CVEList

CVE-2022-36429: A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4↗2023-03-21

▶

GHSA

GHSA-qxv5-xxxc-xw7m: A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4↗2023-03-21

▶