CVE-2022-38955

HIGH Year: 2022
CVSS v3 Score
7.5
High
Weakness Type
CWE-354
View all →

Vulnerability Description

An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the CRC check. A successful attack can either introduce a backdoor to the device or make the device DoS. This affects Firmware Version: 1.1.1_1.1.9.

Related Vulnerabilities

CVE-2012-1170

HIGH
CVSS:7.5(High)

Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough

CWE-3542012

CVE-2017-18689

HIGH
CVSS:7.5(High)

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos5433, Exynos7420, or Exynos7870 chipsets) software. An attacker can bypass a ko (aka Kernel Module) signature by modifyi...

CWE-3542017

CVE-2019-18672

HIGH
CVSS:7.5(High)

Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Not...

CWE-3542019

CVE-2020-11497

HIGH
CVSS:7.5(High)

An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrary...

CWE-3542020

CVE-2020-13847

HIGH
CVSS:7.5(High)

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file...

CWE-3542020

CVE-2020-25862

HIGH
CVSS:7.5(High)

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF chec...

CWE-3542020