CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-38922
https://notcve.org/view.php?id=CVE-2023-38922
07 Aug 2023 — Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function. • https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 1CVE-2023-39550
https://notcve.org/view.php?id=CVE-2023-39550
07 Aug 2023 — Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function. • https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46424
https://notcve.org/view.php?id=CVE-2022-46424
20 Dec 2022 — An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v0.4.1.1 and earlier. Se descubrió una vulnerabilidad de modificación de firmware explotable en el punto de acceso WiFi Netgear XWN5001 Powerline 500. Un atacante puede ... • https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/B1rKQuzDj •