How severe is CVE-2022-38458?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2022-38458?

This is classified as CWE-311, which is a common weakness in software security.

CVE-2022-38458

MEDIUM Year: 2022

CVSS v3 Score

5.9

Medium

Weakness Type

CWE-311

View all →

Vulnerability Description

A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information.

CVE-2016-10597

MEDIUM

CVSS:5.9(Medium)

cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112016

CVE-2016-10613

MEDIUM

CVSS:5.9(Medium)

bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112016

CVE-2016-10630

MEDIUM

CVSS:5.9(Medium)

install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112016

CVE-2017-16041

MEDIUM

CVSS:5.9(Medium)

ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112017

CVE-2017-6297

MEDIUM

CVSS:5.9(Medium)

The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain ...

CWE-3112017

CVE-2017-9045

MEDIUM

CVSS:5.9(Medium)

The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof F...

CWE-3112017

CVE-2022-38458

Vulnerability Description

Related Vulnerabilities

CVE-2016-10597

CVE-2016-10613

CVE-2016-10630

CVE-2017-16041

CVE-2017-6297

CVE-2017-9045