Multiple Buffer Overflow Vulnerabilities in Netgear Router R6900P
CVE-2023-38412

8.8HIGH

Key Information:

Vendor: Netgear
Status: R6900p Firmware
Vendor: CVE Published:; 7 August 2023

Summary

The Netgear R6900P router version 1.3.3.154 is vulnerable to multiple buffer overflow issues when handling user-defined input through the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi. These weaknesses may allow attackers to execute arbitrary code or crash the device, potentially leading to unauthorized access and manipulation of network traffic. Users should apply any available patches or updates to mitigate these security risks.

References

https://www.netgear.com/about/security/

https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/nv...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 7, 2023
Vulnerability Reserved
Aug 7, 2023