CVE-2022-48176
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
31/01/2023
Last modified:
28/03/2025
Description
Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:* | 1.3.3.154 (excluding) | |
| cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:* | 1.3.3.154 (excluding) | |
| cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:* | 1.4.4.94 (excluding) | |
| cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:* | 1.4.4.94 (excluding) | |
| cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:* | 1.1.7.132 (excluding) | |
| cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:* | 1.1.7.132 (excluding) | |
| cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://hdwsec.fr/blog/20221109-netgear/
- https://kb.netgear.com/000065242/Security-Advisory-for-Pre-authentication-Stack-Overflow-on-some-Routers-and-Nighthawk-WiFi-Mesh-Systems-PSV-2022-0146
- https://www.netgear.com/about/security/
- https://hdwsec.fr/blog/20221109-netgear/
- https://kb.netgear.com/000065242/Security-Advisory-for-Pre-authentication-Stack-Overflow-on-some-Routers-and-Nighthawk-WiFi-Mesh-Systems-PSV-2022-0146
- https://www.netgear.com/about/security/