Vulnerability detail

Enriched intelligence for a single CVE

9.8

CVSS
Critical

CVE-2022-29383

PUBLISHED

NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at...

Exploited in the wild PoC available Remote Low complexity No user interaction

Vendor: NETGEAR
Product: ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3
Published: May 13, 2022
EPSS: —

Description

NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi.

nuclei_scanner edge

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0 7.5

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation status

Exploited in the wild

Recorded 2025-04-22 00:00:00 UTC · Source

Proof of concept available

Recorded 2021-12-22 10:06:59 UTC · Source

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
The Shadowserver (via CIRCL)	Apr 22, 2025

Scanner integrations

Scanner	Reference	Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-29383.yaml	Apr 25, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

badboycxcc/Netgear-ssl-vpn-20211222-CVE-2022-29383

github · Created 2021-12-22 10:06:59 UTC · 28 stars

Timeline

Proof of Concept Exploit Available

December 22, 2021
CVE ID Reserved

April 16, 2022
CVE Published to Public

May 13, 2022
Added to KEVIntel

April 22, 2025
Detected by Nuclei

April 25, 2025