Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd.
References
| Link | Resource |
|---|---|
| https://kb.netgear.com/000065571/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0578 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
History
07 Sep 2023, 17:05
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| First Time |
Netgear lax20 Firmware
Netgear r6400 Firmware Netgear rbw30 Netgear cbr40 Firmware Netgear rax80 Netgear ms60 Firmware Netgear rax75 Netgear rs400 Firmware Netgear r6700v3 Firmware Netgear mr60 Netgear r6400v2 Firmware Netgear rax75 Firmware Netgear rs400 Netgear rax200 Firmware Netgear r6400v2 Netgear rbw30 Firmware Netgear Netgear ms60 Netgear r7000p Firmware Netgear r6400 Netgear lax20 Netgear mk62 Netgear mr60 Firmware Netgear rax200 Netgear rax80 Firmware Netgear cbr40 Netgear r6700v3 Netgear r7000p Netgear r7000 Firmware Netgear mk62 Firmware Netgear r7000 |
|
| CWE | CWE-120 | |
| References | (MISC) https://kb.netgear.com/000065571/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0578 - Vendor Advisory | |
| CPE | cpe:2.3:h:netgear:r6700v3:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6700v3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:mk62_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbw30:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbw30_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:mk62:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6400v2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:* |
01 Sep 2023, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-09-01 16:15
Updated : 2023-09-07 17:05
NVD link : CVE-2023-36187
Mitre link : CVE-2023-36187
CVE.ORG link : CVE-2023-36187
JSON object : View
Products Affected
netgear
- r6400v2
- r6400v2_firmware
- rs400_firmware
- rax200_firmware
- lax20_firmware
- rax80
- rs400
- rbw30
- rax200
- mr60_firmware
- cbr40_firmware
- lax20
- r6700v3_firmware
- mk62
- r7000
- r6400
- rbw30_firmware
- rax75
- r7000p
- ms60
- r6400_firmware
- mr60
- mk62_firmware
- r6700v3
- rax75_firmware
- r7000_firmware
- cbr40
- rax80_firmware
- r7000p_firmware
- ms60_firmware
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')