OpenCVE

An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v1.2.3.7 and earlier.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netgear	Wnr2000 Wnr2000 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2000:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BktKl8ZDo
https://www.netgear.com/about/security/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-20T00:00:00

Updated: 2024-08-03T14:31:46.350Z

Reserved: 2022-12-05T00:00:00

Link: CVE-2022-46423

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-12-20T20:15:10.557

Modified: 2024-11-21T07:30:34.310

Link: CVE-2022-46423

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "03D97484-E4B7-4ABD-9F03-FD900ADE5D02", "versionEndIncluding": "1.2.3.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wnr2000:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "709B7F15-AF75-4404-814E-8519EE5AE227", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v1.2.3.7 and earlier."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de modificaci\u00f3n de firmware explotable en el router Netgear WNR2000v1. Un atacante puede realizar un ataque MITM (Man-in-the-Middle) para modificar la imagen de firmware cargada por el usuario y eludir la verificaci\u00f3n CRC, lo que permite a los atacantes ejecutar c\u00f3digo arbitrario o provocar una Denegaci\u00f3n de Servicio (DoS). Esto afecta a la versi\u00f3n 1.2.3.7 y anteriores."}], "id": "CVE-2022-46423", "lastModified": "2024-11-21T07:30:34.310", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-20T20:15:10.557", "references": [{"source": "cve@mitre.org", "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BktKl8ZDo"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.netgear.com/about/security/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BktKl8ZDo"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.netgear.com/about/security/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}