CVE-2022-36429

2023-03-2117:41:25

CWE-912

talos

www.cve.org

ubus backend communications

json object

arbitrary command execution

malicious packets

security vulnerability

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

49.6%

JSON

A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.

CNA Affected

[
  {
    "vendor": "Netgear",
    "product": "Orbi Satellite RBS750",
    "versions": [
      {
        "version": "4.6.8.5",
        "status": "affected"
      }
    ]
  }
]