CVE-2023-38925

Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi.

Published: Aug 7, 2023
Updated: Aug 10, 2023
CVE: CVE-2023-38925
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-120

Affected Software
References

Software	From	Fixed in
netgear / dc112a_firmware	1.0.0.64	1.0.0.64.x
netgear / ex6200_firmware	1.0.3.94	1.0.3.94.x
netgear / r6300v2_firmware	1.0.4.8	1.0.4.8.x

https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_smb_pass/README.md
https://www.netgear.com/about/security/

Vulnerability Database

289,784

CVE-2023-38925