Buffer Overflow Vulnerability in Netgear Nighthawk AC1900 Smart WiFi Router
CVE-2022-37234

7.8HIGH

Key Information:

Vendor
Netgear
Status
R7000 Firmware
Vendor
CVE Published:
22 September 2022

Summary

The Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router is subject to a buffer overflow attack via the wl binary included in its firmware. This issue arises from a stack overflow vulnerability resulting from improper handling of the strncpy function. Exploiting this vulnerability could allow attackers to execute arbitrary code and potentially compromise the router's functionality and security. Users of version R7000-V1.0.11.134_10.2.119 are encouraged to update to the latest firmware to mitigate this risk.

References

https://www.netgear.com/about/security/
x_refsource_MISC
https://www.netgear.com/support/download/?model=R7000
x_refsource_MISC
https://github.com/Davidteeri/Bug-Report/blob/main/netgea...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.