CVE-2017-6862
- CVSS 9.8
- EPSS 55.66%
- Published 26.05.2017 20:29:00
- Last modified 20.04.2025 01:37:25
- Source a2826606-91e7-4eb6-899e-8484bd
NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.
Data is provided by the National Vulnerability Database (NVD)
Netgear ≫ Wnr2000v5 Firmware Version < 1.0.0.42
Netgear ≫ Wnr2000v4 Firmware Version < 1.0.0.66
Netgear ≫ Wnr2000v3 Firmware Version < 1.1.2.14
08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: NETGEAR Multiple Devices Buffer Overflow Vulnerability
Description: Multiple NETGEAR devices contain a buffer overflow vulnerability that allows for authentication bypass and remote code execution.
Required actions: Apply updates per vendor instructions.

Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 55.66% | 0.98 |

Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.