CVE-2022-38458 - OpenCVE

A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Netgear	Rbs750 Firmware Rbs750

Configuration 1 [-]

AND

cpe:2.3:o:netgear:rbs750_firmware:4.6.8.5:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*

References

Link	Resource
https://kb.netgear.com/000065428/Security-Advisory-for-Cleartext-Transmission-on-Some-Orbi-WiFi-Systems-PSV-2022-0189
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1598	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: talos

Published: 2023-03-21T17:41:25.364Z

Updated: 2023-03-28T14:49:38.892Z

Reserved: 2022-08-23T17:57:51.673Z

Link: CVE-2022-38458

JSON object: View

NVD Information

Status : Modified

Published: 2023-03-21T18:15:12.267

Modified: 2023-03-28T15:15:06.707

Link: CVE-2022-38458

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbs750_firmware:4.6.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "7CE366C8-EEC7-4725-AA02-C4ED5E204E01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*", "matchCriteriaId": "B529194C-C440-4BC3-850F-0613FC548F86", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information."}], "id": "CVE-2022-38458", "lastModified": "2023-03-28T15:15:06.707", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2023-03-21T18:15:12.267", "references": [{"source": "talos-cna@cisco.com", "url": "https://kb.netgear.com/000065428/Security-Advisory-for-Cleartext-Transmission-on-Some-Orbi-WiFi-Systems-PSV-2022-0189"}, {"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1598"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-311"}], "source": "talos-cna@cisco.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Secondary"}]}