9.8
CVE-2017-6862
- EPSS 55.66%
- Published 26.05.2017 20:29:00
- Last modified 20.04.2025 01:37:25
- Source a2826606-91e7-4eb6-899e-8484bd
NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.
Data provided by the National Vulnerability Database (NVD)
Netgear ≫ Wnr2000v5 Firmware Version < 1.0.0.42
Netgear ≫ Wnr2000v4 Firmware Version < 1.0.0.66
Netgear ≫ Wnr2000v3 Firmware Version < 1.1.2.14
08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: NETGEAR Multiple Devices Buffer Overflow Vulnerability
Description: Multiple NETGEAR devices contain a buffer overflow vulnerability that allows for authentication bypass and remote code execution.
Required action: Apply updates per vendor instructions.

Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 55.66% | 0.98 |

Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.