CVE-2022-36429

2023-03-2118:15:11

CWE-912

[email protected]

web.nvd.nist.gov

netgear

orbi

satellite

rbs750

ubus

command execution

vulnerability

json

object

arbitrary

communication

functionality

attack

packets

trigger

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

49.6%

JSON

A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.

Affected configurations

Nvd

Node

netgearrbs750_firmwareMatch4.6.8.5

AND

netgearrbs750Match-

VendorProductVersionCPE
netgearrbs750_firmware4.6.8.5cpe:2.3:o:netgear:rbs750_firmware:4.6.8.5:*:*:*:*:*:*:*
netgearrbs750-cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*