Vulnerability Description
A buffer overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118 allows remote unauthenticated attackers to execute arbitrary code via a crafted URL to httpd.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | Cbr40 Firmware | < 2.5.0.24 |
| Netgear | Cbr40 | - |
| Netgear | Lax20 Firmware | < 1.1.6.34 |
| Netgear | Lax20 | - |
| Netgear | Mk62 Firmware | < 1.1.6.122 |
| Netgear | Mk62 | - |
| Netgear | Mr60 Firmware | < 1.1.6.122 |
| Netgear | Mr60 | - |
| Netgear | Ms60 Firmware | < 1.1.6.122 |
| Netgear | Ms60 | - |
| Netgear | Rbw30 Firmware | < 2.6.2.6 |
| Netgear | Rbw30 | - |
| Netgear | R6400 Firmware | < 1.0.1.70 |
| Netgear | R6400 | - |
| Netgear | R6400V2 Firmware | < 1.0.4.118 |
| Netgear | R6400V2 | - |
| Netgear | R6700V3 Firmware | < 1.0.4.118 |
| Netgear | R6700V3 | - |
| Netgear | R7000 Firmware | < 1.0.11.130 |
| Netgear | R7000 | - |
Related Weaknesses (CWE)
References
- https://kb.netgear.com/000065571/Security-Advisory-for-Pre-Authentication-Buffer (Vendor Advisory)
FAQ
What is CVE-2023-36187?
CVE-2023-36187 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A buffer overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118 allows remote unauthenticated attackers to execute arbitrary code via a crafted URL to httpd.
How severe is CVE-2023-36187?
CVE-2023-36187 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-36187?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear Cbr40 Firmware, Netgear Cbr40, Netgear Lax20 Firmware, Netgear Lax20, Netgear Mk62 Firmware.