CVE-2022-46423 - OpenCVE

An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v1.2.3.7 and earlier.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Netgear	Wnr2000 Wnr2000 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2000:1.0:*:*:*:*:*:*:*

References

Link	Resource
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BktKl8ZDo
https://www.netgear.com/about/security/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-20T00:00:00

Updated: 2022-12-20T00:00:00

Reserved: 2022-12-05T00:00:00

Link: CVE-2022-46423

JSON object: View

NVD Information

Status : Modified

Published: 2022-12-20T20:15:10.557

Modified: 2023-11-07T03:55:37.447

Link: CVE-2022-46423

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "03D97484-E4B7-4ABD-9F03-FD900ADE5D02", "versionEndIncluding": "1.2.3.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wnr2000:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "709B7F15-AF75-4404-814E-8519EE5AE227", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v1.2.3.7 and earlier."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de modificaci\u00f3n de firmware explotable en el router Netgear WNR2000v1. Un atacante puede realizar un ataque MITM (Man-in-the-Middle) para modificar la imagen de firmware cargada por el usuario y eludir la verificaci\u00f3n CRC, lo que permite a los atacantes ejecutar c\u00f3digo arbitrario o provocar una Denegaci\u00f3n de Servicio (DoS). Esto afecta a la versi\u00f3n 1.2.3.7 y anteriores."}], "id": "CVE-2022-46423", "lastModified": "2023-11-07T03:55:37.447", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-20T20:15:10.557", "references": [{"source": "cve@mitre.org", "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BktKl8ZDo"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.netgear.com/about/security/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}