Buffer Overflow Vulnerability in Netgear Routers and Extenders
CVE-2023-39550

8.8HIGH

Key Information:

Vendor: Netgear
Status: Jwnr2000v2 Firmware
Vendor: CVE Published:; 7 August 2023

What is CVE-2023-39550?

Multiple buffer overflow vulnerabilities were identified in Netgear JWNR2000v2, XWN5001, and XAVN2001v2 devices. The issues arise through inadequately validated input parameters in the check_auth function, specifically impacting the http_passwd and http_username fields. Exploiting these vulnerabilities could allow unauthorized access and potential control over the affected devices, jeopardizing network security. Users are encouraged to update their firmware and follow security best practices to mitigate these risks.

References

https://www.netgear.com/about/security/

https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/ht...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 7, 2023
Vulnerability Reserved
Aug 4, 2023