CVE-2022-38956
MEDIUMNetgear WPN824EXT Firmware < 1.1.1_1.1.9 - Firmware Downgrade via MITM Attack
Title source: llmDescription
An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to replace the user-uploaded firmware image with an original old firmware image. This affects Firmware 1.1.1_1.1.9 and earlier.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.netgear.com/about/security/
Various Sources x_refsource_misc
https://hackmd.io/%40eupX2KdkT6iNpqJUWk9p4A/SyAnOSd1s
Scores
CVSS v3
5.3
EPSS
0.0024
EPSS Percentile
15.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-354
Status
published
Products (1)
netgear/wpn824ext_firmware
< 1.1.1_1.1.9
Published
Sep 20, 2022
Tracked Since
Feb 18, 2026