CVE-2022-48196

HIGH

Netgear Rax40 Firmware < 1.0.2.60 - Buffer Overflow

Description

Certain NETGEAR devices are affected by a buffer overflow that is exploitable by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.

Scores

CVSS v3: 7.4
EPSS: 0.0125
EPSS Percentile: 79.4%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-120
Status: published
Products (9)
netgear/r6400v2_firmware < 1.0.4.122
netgear/r6700v3_firmware < 1.0.4.122
netgear/r6900p_firmware < 1.3.3.152
netgear/r7000_firmware < 1.0.11.136
netgear/r7000p_firmware < 1.3.3.152
netgear/r7960p_firmware < 1.4.4.94
netgear/r8000p_firmware < 1.4.4.94
netgear/rax35_firmware < 1.0.2.60
netgear/rax40_firmware < 1.0.2.60
Published: Dec 30, 2022
Tracked Since: Feb 18, 2026