A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Netgear
Buffer Overflow
RCE
Memory Corruption
Wndr3400V3 Firmware
NVD
GitHub
CVSS 3.0
9.8
EPSS
3.1%