CVE-2022-48176

HIGH

Netgear R7000P/R6900P < 1.3.3.154, R7960P/R8000P < 1.4.4.94 - Unauthenticated Stack Overflow

Title source: llm

Description

Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow.

References (3)

Core 3

Core References

Broken Link

https://hdwsec.fr/blog/20221109-netgear/

Patch, Vendor Advisory

https://kb.netgear.com/000065242/Security-Advisory-for-Pre-authentication-Stack-Overflow-on-some-Routers-and-Nighthawk-WiFi-Mesh-Systems-PSV-2022-0146

Vendor Advisory

https://www.netgear.com/about/security/

Scores

CVSS v3 7.8

EPSS 0.0007

EPSS Percentile 20.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (6)

netgear/mr60_firmware < 1.1.7.132

netgear/ms60_firmware < 1.1.7.132

netgear/r6900p_firmware < 1.3.3.154

netgear/r7000p_firmware < 1.3.3.154

netgear/r7960p_firmware < 1.4.4.94

netgear/r8000p_firmware < 1.4.4.94

Published Jan 31, 2023

Tracked Since Feb 18, 2026