CVE-2023-36187

CRITICAL

NETGEAR R6400v2 <1.0.4.118 - Buffer Overflow

Title source: llm

Description

Buffer overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118 allows remote unauthenticated attackers to execute arbitrary code via a crafted URL to httpd.

Scores

CVSS v3: 9.8
EPSS: 0.0454
EPSS Percentile: 89.2%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total

Details

CWE: CWE-120
Status: published
Products (15):
netgear/cbr40_firmware < 2.5.0.24
netgear/lax20_firmware < 1.1.6.34
netgear/mk62_firmware < 1.1.6.122
netgear/mr60_firmware < 1.1.6.122
netgear/ms60_firmware < 1.1.6.122
netgear/r6400_firmware < 1.0.1.70
netgear/r6400v2_firmware < 1.0.4.118
netgear/r6700v3_firmware < 1.0.4.118
netgear/r7000_firmware < 1.0.11.130
netgear/r7000p_firmware < 1.3.3.148
... and 5 more
Published: Sep 01, 2023
Tracked Since: Feb 18, 2026