{"vulnerability": "CVE-2022-3895", "sightings": [{"uuid": "bf8afba0-07f4-4885-93fa-0df22a3cf271", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38956", "type": "seen", "source": "https://t.me/cibsecurity/50156", "content": "\u203c CVE-2022-38956 \u203c\n\nAn exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to replace the user-uploaded firmware image with an original old firmware image. This affects Firmware 1.1.1_1.1.9 and earlier.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-20T22:39:36.000000Z"}, {"uuid": "f01dcd8d-f602-4902-b590-3b0c5adba1f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38955", "type": "seen", "source": "https://t.me/cibsecurity/50148", "content": "\u203c CVE-2022-38955 \u203c\n\nAn exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the CRC check. A successful attack can either introduce a backdoor to the device or make the device DoS. This affects Firmware Version: 1.1.1_1.1.9.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-20T22:39:28.000000Z"}, {"uuid": "6fc1e44c-dc39-4239-badc-4a64a9871550", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3895", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13902", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3895\n\ud83d\udd25 CVSS Score: 4 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS).\n\ud83d\udccf Published: 2022-11-15T14:24:49.235Z\n\ud83d\udccf Modified: 2025-04-29T18:12:08.089Z\n\ud83d\udd17 References:\n1. https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-08", "creation_timestamp": "2025-04-29T19:12:29.000000Z"}]}