Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-38922

UNKNOWN
Published 2023-08-07T00:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-38922. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

netgear

jwnr2000v2

Affected Versions:

v1.0.0.11
netgear

xwn5001

Affected Versions:

v0.4.1.1
netgear

xavn2001v2

Affected Versions:

v0.4.0.7

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-652g-h368-fjj3

Advisory Details

Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-38922
WEB https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md
WEB https://www.netgear.com/about/security

Advisory provided by GitHub Security Advisory Database. Published: August 7, 2023, Modified: April 4, 2024

References

https://www.netgear.com/about/security/
https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md
Published: 2023-08-07T00:00:00
Last Modified: 2024-10-11T14:15:52.712Z
Copied to clipboard!