PT-2023-27016 · NetGear · Netgear Wnr2000V2
Published
2023-08-07
·
Updated
2023-08-09
·
CVE-2023-39550
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Netgear JWNR2000v2 version 1.0.0.11
XWN5001 version 0.4.1.1
XAVN2001v2 version 0.4.0.7
Description
The issue is related to multiple buffer overflows that can occur via the
http passwd and http username parameters in the check auth function. This can potentially allow for unauthorized access or execution of malicious code.Recommendations
For Netgear JWNR2000v2 version 1.0.0.11, consider disabling the
check auth function until a patch is available.
For XWN5001 version 0.4.1.1, restrict access to the parameters http passwd and http username to minimize the risk of exploitation.
For XAVN2001v2 version 0.4.0.7, avoid using the http passwd and http username parameters in the affected API endpoint until the issue is resolved.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netgear Wnr2000V2