CVE-2023-36187 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2023-36187

Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd.

Published: Sep 1, 2023
Updated: Sep 8, 2023
CVE: CVE-2023-36187
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-120

Affected Software
References

Software	From	Fixed in
netgear / cbr40_firmware	-	2.5.0.24
netgear / lax20_firmware	-	1.1.6.34
netgear / mk62_firmware	-	1.1.6.122
netgear / mr60_firmware	-	1.1.6.122
netgear / ms60_firmware	-	1.1.6.122
netgear / rbw30_firmware	-	2.6.2.6
netgear / r6400_firmware	-	1.0.1.70
netgear / r6400v2_firmware	-	1.0.4.118
netgear / r6700v3_firmware	-	1.0.4.118
netgear / r7000_firmware	-	1.0.11.130
netgear / r7000p_firmware	-	1.3.3.148
netgear / rax200_firmware	-	1.0.4.120
netgear / rax75_firmware	-	1.0.4.120
netgear / rax80_firmware	-	1.0.4.120
netgear / rs400_firmware	-	1.5.1.86

https://kb.netgear.com/000065571/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0578