CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2017-6862

CVSS 9.8v3.1pub. 2017-05-26upd. 2026-04-21

NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netgear Wnr2000

    HW
    Netgear
    v3v4v5
  • Netgear Wnr2000 Firmware

    OS
    Netgear
    < 1.0.0.42< 1.0.0.66< 1.1.2.14

CISA KEV — detailsi

Vendori
NETGEAR
Producti
Multiple Devices
Added to KEVi
June 8, 2022
Remediation deadline (US Federal)i
June 22, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Multiple NETGEAR devices contain a buffer overflow vulnerability that allows for authentication bypass and remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 22 czerwca 2022
Tags
RCEAuth BypassMemory
CWE
References

Related vulnerabilities

CVE-2023-50089CRITICAL9.8PL ✓ten sam produkt

Command Injection w NETGEAR WNR2000v4 przez SOAP over HTTP

CVE-2018-21153CRITICAL9.8ten sam produkt

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 b...

CVE-2022-46423HIGH8.1ten sam produkt

An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker...

CVE-2018-21211HIGH8.8ten sam produkt

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 b...

CVE-2016-11059HIGH7.5ten sam produkt

Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before...