CVE-2017-6862
KEV
🔴 Patch now
A buffer overflow in NETGEAR WNR2000 devices allows remote code execution.
CVSS
9.8
EPSS
43.1%
Exploit
weaponized
Vendor
netgear
Source description (NVD)
NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.
auth-bypass buffer-overflow rce
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (actively exploited) | Yes |
| FIRST EPSS (exploit probability) | 43.1% |
| Published (NVD) | 2017-05-26 20:29:00 UTC |
| Last modified (NVD) | 2026-04-21 19:05:31 UTC |
References
- http://www.securityfocus.com/bid/98740 (a2826606-91e7-4eb6-899e-8484bd4575d5) [Broken Link, Third Party Advisory, VDB Entry]
- https://kb.netgear.com/000038542/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-Some-Routers-PSV-2016-0261 (a2826606-91e7-4eb6-899e-8484bd4575d5) [Vendor Advisory]
- https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_netgear_wnr2000v5_-_cve-2017-6862.pdf (a2826606-91e7-4eb6-899e-8484bd4575d5) [Broken Link]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-6862 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]