PT-2022-16777 · NetGear · Netgear Rax80+2
Doudoudedi · Published 2022-03-18 · Updated 2022-03-25 · CVE-2022-24655
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Netgear EX6100v1 version 201.0.2.28
Netgear CAX80 version 2.1.2.6
Netgear DC112A version 1.0.0.62
Description
A stack overflow vulnerability exists in the upnpd service, which may lead to the execution of arbitrary code without authentication.
Recommendations
For Netgear EX6100v1 version 201.0.2.28, update to a version that fixes the upnpd service vulnerability.
For Netgear CAX80 version 2.1.2.6, update to a version that fixes the upnpd service vulnerability.
For Netgear DC112A version 1.0.0.62, update to a version that fixes the upnpd service vulnerability.
As a temporary workaround, consider disabling the upnpd service until a patch is available.
Exploit
Fix
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Netgear Rax80
Netgear Dc112A
Netgear Ex6100V1