CVE-2022-46423

An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v1.2.3.7 and earlier.

Published: Dec 20, 2022
Updated: Nov 8, 2023
CVE: CVE-2022-46423
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
netgear / wnr2000_firmware	-	1.2.3.7.x

https://hackmd.io/@slASVrz_SrW7NQCsunofeA/BktKl8ZDo
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BktKl8ZDo
https://www.netgear.com/about/security/

Vulnerability Database

289,697

CVE-2022-46423