Skip to main content

Cbr40 Firmware CVE-2023-36187

CRITICAL
Classic Buffer Overflow (CWE-120)
2023-09-01 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 01, 2023 - 16:15 nvd
CRITICAL 9.8

DescriptionNVD

Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd.

AnalysisAI

Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd. Affected products include: Netgear Cbr40 Firmware, Netgear Lax20 Firmware, Netgear Mk62 Firmware, Netgear Mr60 Firmware, Netgear Ms60 Firmware. Version information: version 1.0.4.118.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.

CVE-2024-28340 HIGH POC
7.5 Mar 12

An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear C

CVE-2021-45630 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45622 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45621 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45620 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45617 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45613 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45612 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45509 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2021-45508 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2021-45507 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2021-45504 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is

Share

CVE-2023-36187 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy