CVE-2022-31876
CVE-2022-31876 is a medium-severity vulnerability in Netgear Wnap320 Firmware with a CVSS 3.x base score of 5.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 3.x base score 5.3)
- CVSS v2: 5.0
- EPSS exploit prediction: 1% (65th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Netgear Wnap320 Firmware
- Published:
- Last modified:
Description
netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies.
Frequently asked questions
- What is CVE-2022-31876?
- netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies.
- How severe is CVE-2022-31876?
- CVE-2022-31876 has a CVSS 3.x base score of 5.3, rated medium severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is low, integrity none, and availability none.
- Is CVE-2022-31876 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (65th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2022-31876?
- CVE-2022-31876 affects Netgear Wnap320 Firmware. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2022-31876?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2022-31876 published?
- CVE-2022-31876 was published on 2022-06-17 and last updated on 2026-06-17.
References
- https://github.com/jayus0821/uai-poc/blob/main/Netgear/WNAP320/unauth.md
- https://www.netgear.com/about/security/
Affected products (1)
- cpe:2.3:o:netgear:wnap320_firmware:2.0.3:*:*:*:*:*:*:*
More vulnerabilities in Netgear Wnap320 Firmware
- CVE-2018-21097 — Critical (CVSS 9.8): Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects…
- CVE-2016-1557 — Critical (CVSS 9.8): Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and…
- CVE-2016-1555 — Critical (CVSS 9.8): (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in…
- CVE-2018-21120 — High (CVSS 8.0): Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before…
- CVE-2016-1556 — High (CVSS 7.5): Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and…
- CVE-2018-21096 — High (CVSS 7.4): Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before…