CVE-2023-38925

CWE-120 — Classic Buffer Overflow4 documents4 sources

Severity

8.8HIGH

EPSS

21.1%

top 4.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Dc112a Firmware Netgear Ex6200 Firmware Netgear R6300v2 Firmware

Timeline

PublishedAug 7

Latest updateOct 15

Description

Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDnetgear/dc112a_firmware1.0.0.64

▶NVDnetgear/ex6200_firmware1.0.3.94

▶NVDnetgear/r6300v2_firmware1.0.4.8

🔴Vulnerability Details

CVEList

CVE-2023-38925: Netgear DC112A 1↗2023-08-07

▶

GHSA

GHSA-f5hq-43p7-h62j: Netgear DC112A 1↗2023-08-07

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Netgear password.cgi http_passwd Parameter Buffer Overflow Attempt (CVE-2023-38925)↗2025-10-15

▶