Description

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8000P before 1.4.1.66, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, R7960P before 1.4.1.66, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, and RAX200 before 1.0.3.106.

Related CPE's

o

netgear

r8000p_firmware

Vulnerable

h

netgear

r8000p

-

o

netgear

mk62_firmware

Vulnerable

h

netgear

mk62

-

o

netgear

mr60_firmware

Vulnerable

h

netgear

mr60

-

o

netgear

ms60_firmware

Vulnerable

h

netgear

ms60

-

o

netgear

r7960p_firmware

Vulnerable

h

netgear

r7960p

-

o

netgear

r7900p_firmware

Vulnerable

h

netgear

r7900p

-

o

netgear

rax15_firmware

Vulnerable

h

netgear

rax15

-

o

netgear

rax20_firmware

Vulnerable

h

netgear

rax20

-

o

netgear

rax45_firmware

Vulnerable

h

netgear

rax45

-

o

netgear

rax50_firmware

Vulnerable

h

netgear

rax50

-

o

netgear

rax75_firmware

Vulnerable

h

netgear

rax75

-

o

netgear

rax80_firmware

Vulnerable

h

netgear

rax80

-

o

netgear

rax200_firmware

Vulnerable

h

netgear

rax200

-

References

https://kb.netgear.com/000063013/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-WiFi-Systems-PSV-2020-0212

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-787

CVSS impact metrics

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

8.4 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-03-23T07:15:13.703

4 years ago

Last modified

2021-03-24T20:21:32.530

4 years ago