VYPR
High severity7.2NVD Advisory· Published Feb 18, 2022· Updated May 18, 2026

CVE-2022-23650

CVE-2022-23650

Description

Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 010.0, there is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server if the exploiter know the address and username of the admin. This effects the server (netmaker) component, and not clients. This has been patched in Netmaker v0.8.5, v0.9.4, and v0.10.0. There are currently no known workarounds.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/gravitl/netmakerGo
< 0.8.50.8.5
github.com/gravitl/netmakerGo
>= 0.9.0, < 0.9.40.9.4

Affected products

3
  • cpe:2.3:a:netmaker:netmaker:*:*:*:*:*:*:*:*
    Range: <0.8.5
  • Gravitl/Netmakerllm-fuzzy2 versions
    <0.8.5, >=0.9.0 <0.9.4, >=0.10.0 <0.10.0+ 1 more
    • (no CPE)range: <0.8.5, >=0.9.0 <0.9.4, >=0.10.0 <0.10.0
    • (no CPE)range: < 0.8.5

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.