Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for xavn2001v2_firmware by netgear

    CVE-2023-39550 (GCVE-0-2023-39550)

    Vulnerability from nvd – Published: 2023-08-07 00:00 – Updated: 2024-10-17 14:24
    VLAI
    Summary
    Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    netgear jwnr2000v2 Affected: v1.0.0.11,
        cpe:2.3:h:netgear:jwnr2000v2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    netgear xwn5001 Affected: v0.4.1.1
        cpe:2.3:h:netgear:xwn5001:-:*:*:*:*:*:*:*
    Create a notification for this product.
    netgear xavn2001v2 Affected: v0.4.0.7
        cpe:2.3:h:netgear:xavn2001v2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:21.460Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.netgear.com/about/security/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:netgear:jwnr2000v2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jwnr2000v2",
                "vendor": "netgear",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v1.0.0.11,"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:netgear:xwn5001:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xwn5001",
                "vendor": "netgear",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v0.4.1.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:netgear:xavn2001v2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xavn2001v2",
                "vendor": "netgear",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v0.4.0.7"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39550",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T14:21:21.614216Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T14:24:59.568Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.netgear.com/about/security/"
            },
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-39550",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-08-04T00:00:00.000Z",
        "dateUpdated": "2024-10-17T14:24:59.568Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38922 (GCVE-0-2023-38922)

    Vulnerability from nvd – Published: 2023-08-07 00:00 – Updated: 2024-10-11 14:15
    VLAI
    Summary
    Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    netgear jwnr2000v2 Affected: v1.0.0.11
        cpe:2.3:h:netgear:jwnr2000v2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    netgear xwn5001 Affected: v0.4.1.1
        cpe:2.3:h:netgear:xwn5001:-:*:*:*:*:*:*:*
    Create a notification for this product.
    netgear xavn2001v2 Affected: v0.4.0.7
        cpe:2.3:h:netgear:xavn2001v2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.296Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.netgear.com/about/security/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:netgear:jwnr2000v2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jwnr2000v2",
                "vendor": "netgear",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v1.0.0.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:netgear:xwn5001:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xwn5001",
                "vendor": "netgear",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v0.4.1.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:netgear:xavn2001v2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xavn2001v2",
                "vendor": "netgear",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v0.4.0.7"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38922",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T14:14:29.997810Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-11T14:15:52.712Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.netgear.com/about/security/"
            },
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38922",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-11T14:15:52.712Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23110 (GCVE-0-2023-23110)

    Vulnerability from nvd – Published: 2023-02-02 00:00 – Updated: 2025-03-26 20:39
    VLAI
    Summary
    An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-494 - Download of Code Without Integrity Check
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:28:39.174Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.netgear.com/about/security/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/SJCGkb-9o"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/r1Z4BX-5i"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/H1lIcXbco"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/ryjVZz-5s"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1t47Ebqj"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1BNhbWqi"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/HyZRxmb9s"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BkBPIeGco"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1qWglM5o"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23110",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-26T20:38:58.938122Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-494",
                    "description": "CWE-494 Download of Code Without Integrity Check",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T20:39:41.477Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-02T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.netgear.com/about/security/"
            },
            {
              "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/SJCGkb-9o"
            },
            {
              "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/r1Z4BX-5i"
            },
            {
              "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/H1lIcXbco"
            },
            {
              "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/ryjVZz-5s"
            },
            {
              "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1t47Ebqj"
            },
            {
              "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1BNhbWqi"
            },
            {
              "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/HyZRxmb9s"
            },
            {
              "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BkBPIeGco"
            },
            {
              "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1qWglM5o"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-23110",
        "datePublished": "2023-02-02T00:00:00.000Z",
        "dateReserved": "2023-01-11T00:00:00.000Z",
        "dateUpdated": "2025-03-26T20:39:41.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39550 (GCVE-0-2023-39550)

    Vulnerability from cvelistv5 – Published: 2023-08-07 00:00 – Updated: 2024-10-17 14:24
    VLAI
    Summary
    Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    netgear jwnr2000v2 Affected: v1.0.0.11,
        cpe:2.3:h:netgear:jwnr2000v2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    netgear xwn5001 Affected: v0.4.1.1
        cpe:2.3:h:netgear:xwn5001:-:*:*:*:*:*:*:*
    Create a notification for this product.
    netgear xavn2001v2 Affected: v0.4.0.7
        cpe:2.3:h:netgear:xavn2001v2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:21.460Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.netgear.com/about/security/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:netgear:jwnr2000v2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jwnr2000v2",
                "vendor": "netgear",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v1.0.0.11,"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:netgear:xwn5001:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xwn5001",
                "vendor": "netgear",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v0.4.1.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:netgear:xavn2001v2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xavn2001v2",
                "vendor": "netgear",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v0.4.0.7"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39550",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T14:21:21.614216Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T14:24:59.568Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.netgear.com/about/security/"
            },
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-39550",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-08-04T00:00:00.000Z",
        "dateUpdated": "2024-10-17T14:24:59.568Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38922 (GCVE-0-2023-38922)

    Vulnerability from cvelistv5 – Published: 2023-08-07 00:00 – Updated: 2024-10-11 14:15
    VLAI
    Summary
    Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    netgear jwnr2000v2 Affected: v1.0.0.11
        cpe:2.3:h:netgear:jwnr2000v2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    netgear xwn5001 Affected: v0.4.1.1
        cpe:2.3:h:netgear:xwn5001:-:*:*:*:*:*:*:*
    Create a notification for this product.
    netgear xavn2001v2 Affected: v0.4.0.7
        cpe:2.3:h:netgear:xavn2001v2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.296Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.netgear.com/about/security/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:netgear:jwnr2000v2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jwnr2000v2",
                "vendor": "netgear",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v1.0.0.11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:netgear:xwn5001:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xwn5001",
                "vendor": "netgear",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v0.4.1.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:netgear:xavn2001v2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xavn2001v2",
                "vendor": "netgear",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v0.4.0.7"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38922",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T14:14:29.997810Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-11T14:15:52.712Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.netgear.com/about/security/"
            },
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38922",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-11T14:15:52.712Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23110 (GCVE-0-2023-23110)

    Vulnerability from cvelistv5 – Published: 2023-02-02 00:00 – Updated: 2025-03-26 20:39
    VLAI
    Summary
    An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-494 - Download of Code Without Integrity Check
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:28:39.174Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.netgear.com/about/security/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/SJCGkb-9o"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/r1Z4BX-5i"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/H1lIcXbco"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/ryjVZz-5s"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1t47Ebqj"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1BNhbWqi"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/HyZRxmb9s"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BkBPIeGco"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1qWglM5o"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23110",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-26T20:38:58.938122Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-494",
                    "description": "CWE-494 Download of Code Without Integrity Check",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T20:39:41.477Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-02T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.netgear.com/about/security/"
            },
            {
              "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/SJCGkb-9o"
            },
            {
              "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/r1Z4BX-5i"
            },
            {
              "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/H1lIcXbco"
            },
            {
              "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/ryjVZz-5s"
            },
            {
              "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1t47Ebqj"
            },
            {
              "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1BNhbWqi"
            },
            {
              "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/HyZRxmb9s"
            },
            {
              "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BkBPIeGco"
            },
            {
              "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1qWglM5o"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-23110",
        "datePublished": "2023-02-02T00:00:00.000Z",
        "dateReserved": "2023-01-11T00:00:00.000Z",
        "dateUpdated": "2025-03-26T20:39:41.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }