SB2022032410 - Multiple vulnerabilities in NETGEAR Products

Security Bulletin ID SB2022032410

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 7

Exploitation vector Adjecent network

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 7 vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2022-27642)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker with access to the local network or WiFi can gain unauthorized access to sensitive information on the system.

2) Information disclosure (CVE-ID: CVE-2022-27647)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker with access to the local network or WiFi can gain unauthorized access to sensitive information on the system.

3) Improper Authentication (CVE-ID: N/A)

CWE-ID: CWE-287 - Improper Authentication

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. An attacker with physical access can bypass authentication process and gain unauthorized access to the application.

4) Improper Authentication (CVE-ID: CVE-2022-27643)

CWE-ID: CWE-287 - Improper Authentication

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. An attacker with physical access can bypass authentication process and gain unauthorized access to the application.

5) Information disclosure (CVE-ID: CVE-2022-27645)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker with access to the local network or WiFi can gain unauthorized access to sensitive information on the system.

6) Improper Authentication (CVE-ID: CVE-2022-27646)

CWE-ID: CWE-287 - Improper Authentication

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. An attacker with physical access can bypass authentication process and gain unauthorized access to the application.

7) Improper Authentication (CVE-ID: CVE-2022-27644)

CWE-ID: CWE-287 - Improper Authentication

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. An attacker with physical access can bypass authentication process and gain unauthorized access to the application.

Remediation

Install update from vendor's website.

SB2022032410 - Multiple vulnerabilities in NETGEAR Products

Breakdown by Severity

Description

Remediation

References

Please verify you're human