Denial of service in NETGEAR Routers



Published: 2022-12-07
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID N/A
CWE-ID CWE-20
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		RAXE300
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX30
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX29
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Input validation error

EUVDB-ID: #VU70035

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

RAXE300: before 1.0.2.22_3

RAX30: before 1.0.6.74

RAX29: before 1.0.6.74

CPE2.3
External links

http://kb.netgear.com/000065324/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2019-0215

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###