Description
Certain NETGEAR devices are affected by a buffer overflow that can be exploited by an unauthenticated attacker. This affects DC112A before 1.0.0.52, R6400 before 1.0.1.68, RAX200 before 1.0.3.106, WNDR3400v3 before 1.0.1.38, XR300 before 1.0.3.68, R8500 before 1.0.2.144, RAX75 before 1.0.3.106, R8300 before 1.0.2.144, and RAX80 before 1.0.3.106.
References (1)
Core References
Patch, Vendor Advisory x_refsource_misc
https://kb.netgear.com/000064488/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0323
Scores
CVSS v3: 9.6
EPSS: 0.0034
EPSS Percentile: 56.8%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE: CWE-120
Status: published
Products (9)
netgear/dc112a_firmware < 1.0.0.52
netgear/r6400_firmware < 1.0.1.68
netgear/r8300_firmware < 1.0.2.144
netgear/r8500_firmware < 1.0.2.144
netgear/rax200_firmware < 1.0.3.106
netgear/rax75_firmware < 1.0.3.106
netgear/rax80_firmware < 1.0.3.106
netgear/wndr3400v3_firmware < 1.0.1.38
netgear/xr300_firmware < 1.0.3.68
Published: Dec 26, 2021
Tracked Since: Feb 18, 2026