Buffer Overflow Vulnerability in Netgear N300 Wireless Router
CVE-2022-37232

9.8CRITICAL

Key Information:

Vendor
Netgear
Status
Wnr2000v4 Firmware
Vendor
CVE Published:
23 September 2022

Summary

The Netgear N300 wireless router, specifically model WNR2000v4 with firmware version V1.0.0.70, is susceptible to a buffer overflow vulnerability in the uhttpd server. This flaw is triggered by the improper use of the strcpy function, leading to potential stack overflow scenarios. Attackers exploiting this vulnerability could remotely execute arbitrary code, posing significant risks to the security and integrity of the affected systems. Users are advised to review security updates and mitigate risks by employing recommended security practices.

References

https://www.netgear.com/about/security/
x_refsource_MISC
https://www.netgear.com/support/download/?model=WNR2000v4
x_refsource_MISC
https://github.com/Davidteeri/Bug-Report/blob/main/netgea...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.