Cyber Resilience

CVE-2022-48196

High

Published: 30 December 2022
Modified: 10 April 2025
CVSS v3.1 score: 7.4 (vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
EPSS score: 0.0125 (79.7th percentile)
Risk priority: 16 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-48196 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Netgear Rax40 Firmware. Its CVSS base score is 7.4 (High).

Operationally, it ranks in the top 20.3% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

Certain NETGEAR devices are affected by a buffer overflow exploitable by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor    Product             Affected versions
netgear   rax40 firmware      ≤ 1.0.2.60
netgear   rax35 firmware      ≤ 1.0.2.60
netgear   r6400v2 firmware    ≤ 1.0.4.122
netgear   r6700v3 firmware    ≤ 1.0.4.122
netgear   r6900p firmware     ≤ 1.3.3.152
netgear   r7000p firmware     ≤ 1.3.3.152
netgear   r7000 firmware      ≤ 1.0.11.136
netgear   r7960p firmware     ≤ 1.4.4.94
netgear   r8000p firmware     ≤ 1.4.4.94

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-120: platform-independent managed code (a memory-safe runtime with bounds-checked buffers) removes the unchecked native buffer copies that are the root cause of classic buffer overflows.
