CVE-2022-37232
 
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. There is a stack overflow vulnerability caused by strcpy.
El router inalámbrico N300 de Netgear wnr2000v4 versión V1.0.0.70, es vulnerable al desbordamiento del búfer por medio de uhttpd. Se presenta una vulnerabilidad de desbordamiento de pila causada por strcpy.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-08-01 CVE Reserved
- 2022-09-23 CVE Published
- 2024-04-30 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://github.com/Davidteeri/Bug-Report/blob/main/netgear-n300-0x429cbc.md | Broken Link | |
https://www.netgear.com/support/download/?model=WNR2000v4 | Product |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.netgear.com/about/security | 2022-09-24 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Netgear Search vendor "Netgear" | Wnr2000v4 Firmware Search vendor "Netgear" for product "Wnr2000v4 Firmware" | 1.0.0.70 Search vendor "Netgear" for product "Wnr2000v4 Firmware" and version "1.0.0.70" | - |
Affected
| in | Netgear Search vendor "Netgear" | Wnr2000v4 Search vendor "Netgear" for product "Wnr2000v4" | - | - |
Safe
|