FKIE_CVE-2022-41545

Vulnerability from fkie_nvd - Published: 2025-02-18 18:15 - Updated: 2025-06-06 18:01
Severity ?
6.4 (Medium) - CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 (and possibly others) authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transport security by default, this renders the administrative credentials vulnerable to eavesdropping by an adversary during every authenticated request made by a client to the router over a WLAN, or a LAN, should the adversary be able to perform a man-in-the-middle attack.
References
cve@mitre.orghttps://seclists.org/fulldisclosure/2025/Feb/12Mailing List, Third Party Advisory
cve@mitre.orghttps://www.netgear.com/about/security/Vendor Advisory
cve@mitre.orghttps://www.netgear.com/images/datasheet/networking/cablemodems/C7800.pdfProduct
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2025/Feb/12Mailing List, Third Party Advisory
Impacted products
Vendor Product Version
netgear c7800_firmware 6.01.07
netgear c7800 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:c7800_firmware:6.01.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "50944BC9-7834-4184-B97F-2A6DC3916B34",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:c7800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B4919C-A3E3-43F2-9714-18F607925F69",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 (and possibly others) authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transport security by default, this renders the administrative credentials vulnerable to eavesdropping by an adversary during every authenticated request made by a client to the router over a WLAN, or a LAN, should the adversary be able to perform a man-in-the-middle attack."
    },
    {
      "lang": "es",
      "value": "La interfaz web administrativa de NetGear C7800 router con la versi\u00f3n de firmware 6.01.07 (y posiblemente otras) autentica a los usuarios mediante autenticaci\u00f3n b\u00e1sica, con un encabezado HTTP que contiene un valor base64 del nombre de usuario y la contrase\u00f1a en texto plano. Debido a que el servidor web tampoco utiliza seguridad de transporte de manera predeterminada, esto hace que las credenciales administrativas sean vulnerables a escuchas clandestinas por parte de un adversario durante cada solicitud autenticada que realiza un cliente al router a trav\u00e9s de una red inal\u00e1mbrica (WLAN) o una red local (LAN), en caso de que el adversario pueda realizar un ataque de intermediario."
    }
  ],
  "id": "CVE-2022-41545",
  "lastModified": "2025-06-06T18:01:39.573",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-02-18T18:15:13.450",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2025/Feb/12"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.netgear.com/about/security/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://www.netgear.com/images/datasheet/networking/cablemodems/C7800.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2025/Feb/12"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.