CVE-2023-38925 - OpenCVE

Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Netgear	Dc112a Firmware Ex6200 Firmware Dc112a Ex6200 R6300v2 Firmware R6300v2

Configuration 1 [-]

AND

cpe:2.3:o:netgear:dc112a_firmware:1.0.0.64:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dc112a:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:netgear:ex6200_firmware:1.0.3.94:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6200:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:netgear:r6300v2_firmware:1.0.4.8:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6300v2:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_smb_pass/README.md	Third Party Advisory
https://www.netgear.com/about/security/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-08-07T00:00:00

Updated: 2023-08-07T00:00:00

Reserved: 2023-07-25T00:00:00

Link: CVE-2023-38925

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-08-07T19:15:10.633

Modified: 2023-08-09T18:04:34.407

Link: CVE-2023-38925

JSON object: View

Redhat Information

No data.

CWE

CWE-120

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:dc112a_firmware:1.0.0.64:*:*:*:*:*:*:*", "matchCriteriaId": "40766026-137D-4E44-9DEC-18E1B66CD074", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:dc112a:-:*:*:*:*:*:*:*", "matchCriteriaId": "F87FFC46-137D-45B8-B437-F15565FB33D0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex6200_firmware:1.0.3.94:*:*:*:*:*:*:*", "matchCriteriaId": "E7B6521D-DFB6-47BF-8D4C-559763C56C9F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex6200:-:*:*:*:*:*:*:*", "matchCriteriaId": "3186CC67-B567-4A0C-BD2C-0433716FBD1B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6300v2_firmware:1.0.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "54C33521-BF2B-4C9B-BA3B-90ADB6B61145", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6300v2:-:*:*:*:*:*:*:*", "matchCriteriaId": "7909744D-FE9B-49D1-ADB3-029CCC432A47", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi."}], "id": "CVE-2023-38925", "lastModified": "2023-08-09T18:04:34.407", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-07T19:15:10.633", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_smb_pass/README.md"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.netgear.com/about/security/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}