CVE-2017-6862

NETGEAR Multiple Devices Buffer Overflow Vulnerability

  • Severity Score: 9.8 (CVSS v3.1)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: Yes (KEV)
  • Decision: - (SSVC)

Descriptions

NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.

NETGEAR WNR2000v3 devices before 1.1.2.14 and WNR2000v4 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration of the application. The NETGEAR ID is PSV-2016-0261.

Multiple NETGEAR devices contain a buffer overflow vulnerability that allows for authentication bypass and remote code execution.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2017-03-13 CVE Reserved
  • 2017-05-26 CVE Published
  • 2022-06-08 Exploited in Wild
  • 2022-06-22 KEV Due Date
  • 2024-06-29 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- First Exploit
CWE
  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Netgear | Wnr2000v5 Firmware | < 1.0.0.42 | - | Affected
in Netgear | Wnr2000v5 | -- | Safe
Netgear | Wnr2000v4 Firmware | < 1.0.0.66 | - | Affected
in Netgear | Wnr2000v4 | -- | Safe
Netgear | Wnr2000v3 Firmware | < 1.1.2.14 | - | Affected
in Netgear | Wnr2000v3 | -- | Safe