NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNetgear Wnr2000
HWNetgearv3v4v5Netgear Wnr2000 Firmware
OSNetgear< 1.0.0.42< 1.0.0.66< 1.1.2.14
CISA KEV — detailsi
- Vendori
- NETGEAR
- Producti
- Multiple Devices
- Added to KEVi
- June 8, 2022
- Remediation deadline (US Federal)i
- June 22, 2022(overdue)
Apply updates per vendor instructions.
Multiple NETGEAR devices contain a buffer overflow vulnerability that allows for authentication bypass and remote code execution.
Related vulnerabilities
Command Injection w NETGEAR WNR2000v4 przez SOAP over HTTP
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 b...
An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker...
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 b...
Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before...