Denial of service in some NETGEAR Routers and Extenders

Published: 2022-04-11

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Input validation error

EUVDB-ID: #VU62046

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]


CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.


Install updates from vendor's website.

Vulnerable software versions

RAX80: before

RAX75: before

CBR40: before

EX3700: before

EX3800: before

EX6000: before

EX6120: before

EX6130: before

EX7000: before

EX7500: before

R6400: before

R6900P: before

R7000: before

R7000P: before

R8000: before

R8000P: before

RBS40V: before

CPE2.3 External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.