Firmware Downgrade Vulnerability on Netgear WiFi Range Extender
CVE-2022-38956

5.3MEDIUM

Key Information:

Vendor

Netgear
Status
WPn824ext Firmware
Vendor
CVE Published:
20 September 2022

What is CVE-2022-38956?

A vulnerability has been identified in the Netgear WPN824EXT WiFi Range Extender that allows an attacker to exploit a firmware downgrade issue. This flaw can enable a man-in-the-middle (MITM) attack, where the attacker replaces a user-uploaded firmware with a previous, potentially vulnerable version. This issue affects devices running Firmware 1.1.1_1.1.9 and earlier, posing significant security risks for users relying on this equipment. It's crucial for users to remain vigilant and update their devices to mitigate potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.netgear.com/about/security/
x_refsource_MISC
https://hackmd.io/%40eupX2KdkT6iNpqJUWk9p4A/SyAnOSd1s
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.