CVE-2017-6862

Published May 26, 2017

Last updated a month ago

Exploit known CVSS critical 9.8

Overview

Description: NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Known exploits

Data from CISA

Vulnerability name: NETGEAR Multiple Devices Buffer Overflow Vulnerability
Exploit added on: Jun 8, 2022
Exploit action due: Jun 22, 2022
Required action: Apply updates per vendor instructions.

Weaknesses

nvd@nist.gov: CWE-120
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-120

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:wnr2000v5_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E2C503D-A603-4C93-9125-E72CE6D98219",
            "versionEndExcluding": "1.0.0.42"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:wnr2000v5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "671EC923-DC84-47D6-B943-0F7DA8168334"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:wnr2000v4_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "598F1EB8-757F-4E3B-B1FD-C50C94B1632B",
            "versionEndExcluding": "1.0.0.66"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:wnr2000v4:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B3AE1DD1-5DB7-403A-805B-EDB364EF28D5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:wnr2000v3_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61B034B2-3B15-4C7B-A47E-04DDF36992AF",
            "versionEndExcluding": "1.1.2.14"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:wnr2000v3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "95BBF3EA-0F98-4A99-8312-30E1E47AC4C4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Known exploits

Weaknesses

Social media

Configurations

References