CVE-2023-38925

high-risk

Published 2023-08-07

Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi.

Do I need to act?

21.1% chance of exploitation in next 30 days

EPSS score — higher than 79% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (3)

Dc112A Firmware

Ex6200 Firmware

R6300V2 Firmware

Affected Vendors

Netgear

References (4)

Third Party Advisory https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_smb_pass/READ...

Vendor Advisory https://www.netgear.com/about/security/

Third Party Advisory https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_smb_pass/READ...

Vendor Advisory https://www.netgear.com/about/security/

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 14/34 · Moderate

Exposure 9/34 · Low