CVE-2023-38922

Name of the Vulnerable Software and Affected Versions Netgear JWNR2000v2 version 1.0.0.11 Netgear XWN5001 version 0.4.1.1 Netgear XAVN2001v2 version 0.4.0.7

Description The issue is related to buffer overflows in the update auth function, which can be exploited via the http passwd and http username parameters. This can potentially allow a remote attacker to execute arbitrary code. The check auth function is also mentioned as being related to the vulnerability, although its specific role is not detailed.

Recommendations For Netgear JWNR2000v2 version 1.0.0.11, consider disabling the update auth function until a patch is available. For Netgear XWN5001 version 0.4.1.1, restrict access to the parameters http passwd and http username to minimize the risk of exploitation. For Netgear XAVN2001v2 version 0.4.0.7, avoid using the update auth function and its related parameters until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.