PT-2022-10328 · NetGear · Netgear R8000 Router
Published: 2022-09-07 · Updated: 2022-09-12 · CVE-2021-34236
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Netgear R8000 Router version 1.0.4.56
Description
A buffer overflow issue allows remote attackers to execute arbitrary code or cause a denial-of-service. This is achieved by sending a crafted POST to "/bd_genie_create_account.cgi" with a sufficiently long register_country parameter.
Recommendations
For Netgear R8000 Router version 1.0.4.56, consider disabling access to the "/bd_genie_create_account.cgi" endpoint until a patch is available. Restrict the length of the register_country parameter to prevent exploitation.
Fix
Buffer Overflow
Affected Products
Netgear R8000 Router