ID

VAR-202308-3144


CVE

CVE-2023-38926


TITLE

of netgear  EX6200  Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-021106

DESCRIPTION

Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set. of netgear EX6200 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX6200 is a wireless network signal extender from NETGEAR. The vulnerability originates from the fact that the wla_temp_ssid parameter in acosNvramConfig_set fails to correctly verify the length of the input data. Remote attackers can use this vulnerability to execute arbitrary code on the system or cause denial of service attack

Trust: 2.16

sources: NVD: CVE-2023-38926 // JVNDB: JVNDB-2023-021106 // CNVD: CNVD-2023-64070

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-64070

AFFECTED PRODUCTS

vendor:netgearmodel:ex6200scope:eqversion:1.0.3.94

Trust: 1.0

vendor:ネットギアmodel:ex6200scope:eqversion:ex6200 firmware 1.0.3.94

Trust: 0.8

vendor:ネットギアmodel:ex6200scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:ex6200scope:eqversion: -

Trust: 0.8

vendor:netgearmodel:ex6200scope:eqversion:v1.0.3.94

Trust: 0.6

sources: CNVD: CNVD-2023-64070 // JVNDB: JVNDB-2023-021106 // NVD: CVE-2023-38926

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-38926
value: HIGH

Trust: 1.0

NVD: CVE-2023-38926
value: HIGH

Trust: 0.8

CNVD: CNVD-2023-64070
value: HIGH

Trust: 0.6

CNVD: CNVD-2023-64070
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-38926
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-38926
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-64070 // JVNDB: JVNDB-2023-021106 // NVD: CVE-2023-38926

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-021106 // NVD: CVE-2023-38926

PATCH

title:Patch for NETGEAR EX6200 Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/452016

Trust: 0.6

sources: CNVD: CNVD-2023-64070

EXTERNAL IDS

db:NVDid:CVE-2023-38926

Trust: 3.2

db:JVNDBid:JVNDB-2023-021106

Trust: 0.8

db:CNVDid:CNVD-2023-64070

Trust: 0.6

sources: CNVD: CNVD-2023-64070 // JVNDB: JVNDB-2023-021106 // NVD: CVE-2023-38926

REFERENCES

url:https://github.com/firmrec/iot-vulns/blob/main/netgear/nvram_ssid/readme.md

Trust: 2.4

url:https://www.netgear.com/about/security/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-38926

Trust: 0.8

sources: CNVD: CNVD-2023-64070 // JVNDB: JVNDB-2023-021106 // NVD: CVE-2023-38926

SOURCES

db:CNVDid:CNVD-2023-64070
db:JVNDBid:JVNDB-2023-021106
db:NVDid:CVE-2023-38926

LAST UPDATE DATE

2024-08-14T15:26:26.773000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2023-64070date:2023-08-21T00:00:00
db:JVNDBid:JVNDB-2023-021106date:2024-01-18T06:49:00
db:NVDid:CVE-2023-38926date:2023-08-09T18:04:22.037

SOURCES RELEASE DATE

db:CNVDid:CNVD-2023-64070date:2023-08-16T00:00:00
db:JVNDBid:JVNDB-2023-021106date:2024-01-18T00:00:00
db:NVDid:CVE-2023-38926date:2023-08-07T19:15:10.707