Details of VAR-202303-0418

ID

VAR-202303-0418

CVE

CVE-2022-43654

TITLE

NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-23-214

DESCRIPTION

NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30S routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the token parameter provided to the sso.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18227. NETGEAR CAX30 is a router from NETGEAR. NETGEAR CAX30S has a security vulnerability

Trust: 2.07

sources: NVD: CVE-2022-43654 // ZDI: ZDI-23-214 // CNVD: CNVD-2024-24413

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-24413

AFFECTED PRODUCTS

vendor:

netgear

model:

cax30s

scope:

version:

Trust: 1.3

sources: ZDI: ZDI-23-214 // CNVD: CNVD-2024-24413

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com:	CVE-2022-43654
value:	HIGH
Trust: 1.0
ZDI:	CVE-2022-43654
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2024-24413
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-24413
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

zdi-disclosures@trendmicro.com:	CVE-2022-43654
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
ZDI:	CVE-2022-43654
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-23-214 // CNVD: CNVD-2024-24413 // NVD: CVE-2022-43654

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.0

sources: NVD: CVE-2022-43654

PATCH

title:	NETGEAR has issued an update to correct this vulnerability.	url:	https://kb.netgear.com/000065527/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Cable-Modem-Routers-PSV-2022-0208	Trust: 0.7
title:	Patch for NETGEAR CAX30S Remote Code Execution Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/545846	Trust: 0.6

sources: ZDI: ZDI-23-214 // CNVD: CNVD-2024-24413

EXTERNAL IDS

db:	NVD	id:	CVE-2022-43654	Trust: 2.3
db:	ZDI	id:	ZDI-23-214	Trust: 1.7
db:	ZDI_CAN	id:	ZDI-CAN-18227	Trust: 0.7
db:	CNVD	id:	CNVD-2024-24413	Trust: 0.6

sources: ZDI: ZDI-23-214 // CNVD: CNVD-2024-24413 // NVD: CVE-2022-43654

REFERENCES

url:	https://kb.netgear.com/000065527/security-advisory-for-pre-authentication-command-injection-on-some-cable-modem-routers-psv-2022-0208	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-23-214/	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2022-43654	Trust: 0.6

sources: ZDI: ZDI-23-214 // CNVD: CNVD-2024-24413 // NVD: CVE-2022-43654

CREDITS

Fiseha and Robera

Trust: 0.7

sources: ZDI: ZDI-23-214

SOURCES

db:	ZDI	id:	ZDI-23-214
db:	CNVD	id:	CNVD-2024-24413
db:	NVD	id:	CVE-2022-43654

LAST UPDATE DATE

2024-08-14T14:30:39.593000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-23-214	date:	2023-03-07T00:00:00
db:	CNVD	id:	CNVD-2024-24413	date:	2024-05-27T00:00:00
db:	NVD	id:	CVE-2022-43654	date:	2024-05-08T13:15:00.690

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-23-214	date:	2023-03-07T00:00:00
db:	CNVD	id:	CNVD-2024-24413	date:	2024-05-29T00:00:00
db:	NVD	id:	CVE-2022-43654	date:	2024-05-07T23:15:15.223