CVE-2022-38956

Name of the Vulnerable Software and Affected Versions Netgear WPN824EXT WiFi Range Extender versions 1.1.1 through 1.1.9 and earlier

Description The issue is related to a lack of integrity check in the firmware of the Netgear WPN824EXT WiFi Range Extender. An attacker can exploit this by conducting a man-in-the-middle (MITM) attack to replace the user-uploaded firmware image with an older version. This allows a remote attacker to downgrade the firmware version.

Recommendations For versions 1.1.1 through 1.1.9 and earlier, consider disabling the firmware update feature until a patch is available to prevent exploitation. As a temporary workaround, restrict access to the device to minimize the risk of a MITM attack. Avoid using the device until a fixed version of the firmware is released. At the moment, there is no information about a newer version that contains a fix for this vulnerability.