Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-38922

Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function.

Published

2023-08-07T19:15:10.477

Last Modified

2024-11-21T08:14:26.843

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	netgear	jwnr2000v2_firmware	1.0.0.11	Yes
Hardware	netgear	jwnr2000v2	-	No
Operating System	netgear	xwn5001_firmware	0.4.1.1	Yes
Hardware	netgear	xwn5001	-	No
Operating System	netgear	xavn2001v2_firmware	0.4.0.7	Yes
Hardware	netgear	xavn2001v2	-	No

References

https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md Third Party Advisory ([email protected])
https://www.netgear.com/about/security/ Vendor Advisory ([email protected])
https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.netgear.com/about/security/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)