CVE-2020-35799Out-of-bounds Write in Netgear D3600 Firmware

CWE-787Out-of-bounds Write3 documents3 sources
Severity
9.8CRITICALNVD
CNA8.8
EPSS
1.5%
top 18.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
46
Netgear D3600 FirmwareNetgear D6000 FirmwareNetgear D6200 Firmware+43 more
Timeline
PublishedDec 30
Latest updateMay 24

Description

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.78, D6200 before 1.1.00.32, D7000 before 1.0.1.68, D7800 before 1.0.1.56, DM200 before 1.0.0.61, EX2700 before 1.0.1.52, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.74, EX6400 before 1.0.2.140, EX7300 before 1.0.2.140, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages46 packages

NVDnetgear/d3600_firmware< 1.0.0.76
NVDnetgear/d6000_firmware< 1.0.078
NVDnetgear/d6200_firmware< 1.1.00.32
NVDnetgear/d7000_firmware< 1.0.1.68

🔴Vulnerability Details

2
GHSA
GHSA-3mwp-vjrv-6crj: Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker2022-05-24
CVEList
CVE-2020-35799: Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker2020-12-29