CVE-2017-6862

Published May 26, 2017

Last updated 2 months ago

Exploit known CVSS critical 9.8

Overview

Description: NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
NVD status: Analyzed
Products: wnr2000_firmware

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Known exploits

Data from CISA

Vulnerability name: NETGEAR Multiple Devices Buffer Overflow Vulnerability
Exploit added on: Jun 8, 2022
Exploit action due: Jun 22, 2022
Required action: Apply updates per vendor instructions.

Weaknesses

nvd@nist.gov: CWE-120
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-120

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "B3B5B30F-0159-48B6-BC8D-BF8F2EE519D6",
            "versionEndExcluding": "1.0.0.42",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*",
            "matchCriteriaId": "317F25FF-B3A2-4C68-888F-D2627C564867",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "9F3D02E3-8FA1-4129-A4B2-25235AF0E49C",
            "versionEndExcluding": "1.0.0.66",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:wnr2000:v4:*:*:*:*:*:*:*",
            "matchCriteriaId": "D2913468-C442-48A3-8AD9-A2F3CCDD7952",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "37CCF16C-0F1C-4E4B-BA96-7754C6B33F4F",
            "versionEndExcluding": "1.1.2.14",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:wnr2000:v3:*:*:*:*:*:*:*",
            "matchCriteriaId": "C547734B-BF1A-4CD9-8FD8-9ECB3D15B0BA",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Known exploits

Weaknesses

Social media

Configurations

References