CVE-2022-37232

Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. There is a stack overflow vulnerability caused by strcpy.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/Davidteeri/Bug-Report/blob/main/netgear-n300-0x429cbc.md	Broken Link
https://www.netgear.com/about/security/	Vendor Advisory
https://www.netgear.com/support/download/?model=WNR2000v4	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:wnr2000v4_firmware:1.0.0.70:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2000v4:-:*:*:*:*:*:*:*

History

24 Sep 2022, 02:00

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~(MISC) https://www.netgear.com/about/security/ -~~	(MISC) https://www.netgear.com/about/security/ - Vendor Advisory
References	~~(MISC) https://github.com/Davidteeri/Bug-Report/blob/main/netgear-n300-0x429cbc.md -~~	(MISC) https://github.com/Davidteeri/Bug-Report/blob/main/netgear-n300-0x429cbc.md - Broken Link
References	~~(MISC) https://www.netgear.com/support/download/?model=WNR2000v4 -~~	(MISC) https://www.netgear.com/support/download/?model=WNR2000v4 - Product
CWE		CWE-787
First Time		Netgear Netgear wnr2000v4 Firmware Netgear wnr2000v4
CPE		cpe:2.3:h:netgear:wnr2000v4:-:::::::* cpe:2.3:o:netgear:wnr2000v4_firmware:1.0.0.70:::::::*

23 Sep 2022, 04:21

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-09-23 01:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-37232

Mitre link : CVE-2022-37232

CVE.ORG link : CVE-2022-37232

JSON object : View

Products Affected

netgear

wnr2000v4
wnr2000v4_firmware

CWE

CWE-787

Out-of-bounds Write

9.8 /10