Stack Overflow Vulnerability in Netgear N300 Wireless Router
CVE-2022-31937

9.8CRITICAL

Key Information:

Vendor

Netgear
Status
Wnr2000v4 Firmware
Vendor
CVE Published:
22 September 2022

What is CVE-2022-31937?

A stack overflow vulnerability has been identified in the Netgear N300 wireless router (WNR2000v4 - V1.0.0.70), stemming from improper handling of strings in the uhttpd component using the strcpy function. This flaw could potentially allow an attacker to execute malicious code, compromise the device's functionality, and execute unauthorized commands. It is crucial for users to examine their router configurations and apply necessary security updates to mitigate this risk.

References

https://www.netgear.com/about/security/
x_refsource_MISC
https://www.netgear.com/support/download/?model=WNR2000v4
x_refsource_MISC
https://github.com/Davidteeri/Bug-Report/blob/main/netgea...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.