PT-2023-2752 · NetGear · Netgear R6900P+2
Published: 2023-04-07 · Updated: 2023-05-08 · CVE-2023-30280
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Netgear R6900 version 1.0.2.26
Netgear R6700v3 version 1.0.4.128
Netgear R6700 version 1.0.0.26
Description
A Buffer Overflow issue allows a remote attacker to execute arbitrary code and cause a denial of service via the getInputData parameter of the "fwSchedule.cgi" page. The vulnerability is related to the lack of size checking for input data when handling the getInputData parameter, which can be exploited by a remote attacker to achieve arbitrary code execution or cause a denial of service.
Recommendations
For Netgear R6900 version 1.0.2.26, consider disabling access to the "fwSchedule.cgi" page until a patch is available.
For Netgear R6700v3 version 1.0.4.128, restrict the use of the getInputData parameter in the "fwSchedule.cgi" page to minimize the risk of exploitation.
For Netgear R6700 version 1.0.0.26, avoid using the getInputData parameter in the affected API endpoint until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Netgear R6700
Netgear R6700V3
Netgear R6900P