CVE-2023-30280

Published: Apr 26, 2023Modified: Feb 3, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial ofservice via the getInputData parameter of the fwSchedule.cgi page.

Affected (3)

Products: Netgear: R6900 Firmware, R6700 Firmware

Netgear

2 products

R6900 Firmware

R6700 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6900 Firmware	Version 1.0.2.26

Running on/with	Platform Versions
Netgear R6900	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6700 Firmware	Version 1.0.0.26

Running on/with	Platform Versions
Netgear R6700	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6700 Firmware	Version 1.0.4.128

Running on/with	Platform Versions
Netgear R6700	Version v3

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

https://github.com/

Source: cve@mitre.org

Not Applicable

https://www.netgear.com/about/security/

Source: cve@mitre.org

Vendor Advisory

https://github.com/

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://www.netgear.com/about/security/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.