← Back

CVE-2017-6862

nvd nist
Published: May 26, 2017Modified: Apr 21, 2026CISA KEV

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.

Affected (3)

Netgear
1 product
Wnr2000 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wnr2000 Firmware
Before 1.0.0.42
Running on/withPlatform Versions
Netgear
Wnr2000
Version v5
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wnr2000 Firmware
Before 1.0.0.66
Running on/withPlatform Versions
Netgear
Wnr2000
Version v4
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wnr2000 Firmware
Before 1.1.2.14
Running on/withPlatform Versions
Netgear
Wnr2000
Version v3

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (7)

Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Broken LinkThird Party AdvisoryVDB Entry
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Vendor Advisory
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.