#VU62045 Input validation error


Published: 2022-04-11

Vulnerability identifier: #VU62045

Vulnerability risk: Low

CVSSv3.1: 6.6 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-20

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
RAX80
Hardware solutions / Routers & switches, VoIP, GSM, etc
RAX75
Hardware solutions / Routers & switches, VoIP, GSM, etc
CBR40
Hardware solutions / Routers & switches, VoIP, GSM, etc
EX3700
Hardware solutions / Routers & switches, VoIP, GSM, etc
EX3800
Hardware solutions / Routers & switches, VoIP, GSM, etc
EX6000
Hardware solutions / Routers & switches, VoIP, GSM, etc
EX6120
Hardware solutions / Routers & switches, VoIP, GSM, etc
EX6130
Hardware solutions / Routers & switches, VoIP, GSM, etc
EX7000
Hardware solutions / Routers & switches, VoIP, GSM, etc
EX7500
Hardware solutions / Routers & switches, VoIP, GSM, etc
R8000P
Hardware solutions / Routers & switches, VoIP, GSM, etc
RBS40V
Hardware solutions / Routers & switches, VoIP, GSM, etc
DGN2200v4
Hardware solutions / Routers for home users
R6400
Hardware solutions / Routers for home users
R7000
Hardware solutions / Routers for home users
R7000P
Hardware solutions / Routers for home users
R8000
Hardware solutions / Routers for home users
WNR3500Lv2
Hardware solutions / Routers for home users

Vendor:

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions


External links
http://kb.netgear.com/000064744/Security-Advisory-for-Denial-of-Service-on-Some-Routers-and-Extenders-PSV-2019-0025


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability