Skip to main content

R6900P Firmware CVE-2023-38412

HIGH
Classic Buffer Overflow (CWE-120)
2023-08-07 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 07, 2023 - 19:15 nvd
HIGH 8.8

DescriptionNVD

Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi.

AnalysisAI

Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi. Affected products include: Netgear R6900P Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.

CVE-2021-40847 HIGH POC
8.1 Sep 21

The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve

CVE-2019-17372 HIGH POC
8.1 Oct 09

Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanCha

CVE-2024-12988 MEDIUM POC
6.9 Dec 27

A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Rated medium severity

CVE-2022-48196 CRITICAL
9.8 Dec 30

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45638 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. Rated critical sev

CVE-2021-45625 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45624 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45622 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45621 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45620 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45617 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45616 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

Share

CVE-2023-38412 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy