CVE-2023-38925

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Netgear DC112A version 1.0.0.64 Netgear EX6200 version 1.0.3.94 Netgear R6300v2 version 1.0.4.8

Description A buffer overflow issue was discovered via the http passwd parameter in password.cgi. This issue affects Netgear devices.

Recommendations For Netgear DC112A version 1.0.0.64, consider disabling access to the password.cgi until a patch is available. For Netgear EX6200 version 1.0.3.94, restrict the use of the http passwd parameter in the password.cgi to minimize the risk of exploitation. For Netgear R6300v2 version 1.0.4.8, avoid using the http passwd parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

CVE-2023-38925

Affected Products

Netgear Dc112A

Netgear Ex6200

Netgear R6300V2

CVE-2023-38925

Weakness Enumeration

Related Identifiers

Affected Products

References · 5