PT-2020-8293 · NetGear · Netgear R6300V2+7

Published

2020-04-23

·

Updated

2020-04-23

·

CVE-2017-18744

CVSS v3.1

8.8

High

VectorAV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: NETGEAR R6250 versions prior to 1.0.4.12 NETGEAR R6300v2 versions prior to 1.0.4.12 NETGEAR R6700 versions prior to 1.0.1.22 NETGEAR R6900 versions prior to 1.0.1.22 NETGEAR R7000 versions prior to 1.0.9.4 NETGEAR R7900 versions prior to 1.0.1.12 NETGEAR R8000 versions prior to 1.0.3.24 NETGEAR R8500 versions prior to 1.0.2.74
Description: The issue is a buffer overflow that can be exploited by an unauthenticated attacker. This allows the attacker to potentially execute arbitrary code on the affected device.
Recommendations: For NETGEAR R6250 versions prior to 1.0.4.12, update to version 1.0.4.12 or later. For NETGEAR R6300v2 versions prior to 1.0.4.12, update to version 1.0.4.12 or later. For NETGEAR R6700 versions prior to 1.0.1.22, update to version 1.0.1.22 or later. For NETGEAR R6900 versions prior to 1.0.1.22, update to version 1.0.1.22 or later. For NETGEAR R7000 versions prior to 1.0.9.4, update to version 1.0.9.4 or later. For NETGEAR R7900 versions prior to 1.0.1.12, update to version 1.0.1.12 or later. For NETGEAR R8000 versions prior to 1.0.3.24, update to version 1.0.3.24 or later. For NETGEAR R8500 versions prior to 1.0.2.74, update to version 1.0.2.74 or later.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

CVE-2017-18744

Affected Products

Netgear R6250
Netgear R6300V2
Netgear R6700
Netgear R6900P
Netgear R7000
Netgear R7900
Netgear R8000
Netgear R8500