CVE-2022-46424 — Netgear Xwn5001 Firmware vulnerability

4 documents4 sources

Severity

8.1HIGHNVD

EPSS

1.1%

top 21.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Xwn5001 Firmware

Timeline

PublishedDec 20

Description

An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v0.4.1.1 and earlier.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages1 packages

▶NVDnetgear/xwn5001_firmware0.4.1.1

🔴Vulnerability Details

GHSA

GHSA-3gph-54h9-x2ff: An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point↗2022-12-20

▶

CVEList

CVE-2022-46424: An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point↗2022-12-20

▶

💥Exploits & PoCs

Exploit-DB

TLR-2005KSH - Arbitrary File Delete↗2022-05-12

▶