CVE-2023-36187

high-risk

Published 2023-09-01

Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd.

Do I need to act?

4.5% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (15)

Cbr40 Firmware

Lax20 Firmware

Mk62 Firmware

Mr60 Firmware

Ms60 Firmware

Rbw30 Firmware

R6400 Firmware

R6400V2 Firmware

R6700V3 Firmware

R7000 Firmware

R7000P Firmware

Rax200 Firmware

Rax75 Firmware

Rax80 Firmware

Rs400 Firmware

Affected Vendors

Netgear

References (2)

Vendor Advisory https://kb.netgear.com/000065571/Security-Advisory-for-Pre-Authentication-Buffer...

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 8/34 · Low

Exposure 18/34 · Moderate