CVE-2022-46424

Name of the Vulnerable Software and Affected Versions Netgear XWN5001 Powerline 500 WiFi Access Point versions v0.4.1.1 and earlier

Description An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. An attacker can conduct a Man-in-the-Middle (MITM) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS).

Recommendations For versions v0.4.1.1 and earlier, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the firmware update process to minimize the risk of exploitation. Avoid using unsecured networks when uploading firmware images until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.