CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40480 – NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40480
22 Aug 2023 — NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DHCP server. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. • https://kb.netgear.com/000065645/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0360-PSV-2022-0361 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40479 – NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40479
22 Aug 2023 — NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. • https://kb.netgear.com/000065645/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0360-PSV-2022-0361 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40478 – NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40478
22 Aug 2023 — NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the telnet CLI service, which listens on TCP port 23. The issue results from the lack of proper validation of the length of user-s... • https://kb.netgear.com/000065649/Security-Advisory-for-Post-authentication-Buffer-Overflow-on-the-RAX30-PSV-2023-0002 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-38921
https://notcve.org/view.php?id=CVE-2023-38921
07 Aug 2023 — Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters. • https://github.com/FirmRec/IoT-Vulns/tree/main/netgear/upgrade_handler • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38928
https://notcve.org/view.php?id=CVE-2023-38928
07 Aug 2023 — Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi. • https://github.com/FirmRec/IoT-Vulns/tree/main/netgear/usb_remote_invite_password • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-38926
https://notcve.org/view.php?id=CVE-2023-38926
07 Aug 2023 — Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set. • https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/nvram_ssid/README.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-38591
https://notcve.org/view.php?id=CVE-2023-38591
07 Aug 2023 — Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi. • https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/nvram_ssid/README.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-38925
https://notcve.org/view.php?id=CVE-2023-38925
07 Aug 2023 — Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi. • https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_smb_pass/README.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 1CVE-2023-39550
https://notcve.org/view.php?id=CVE-2023-39550
07 Aug 2023 — Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function. • https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-38922
https://notcve.org/view.php?id=CVE-2023-38922
07 Aug 2023 — Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function. • https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •