Buffer overflow in Hardware solutions

#VU70561 Buffer overflow in Hardware solutions

Published: 2023-01-02

Vulnerability identifier: #VU70561

Vulnerability risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
RAXE500
Hardware solutions / Routers & switches, VoIP, GSM, etc
RAXE450
Hardware solutions / Routers & switches, VoIP, GSM, etc
LAX20
Hardware solutions / Routers & switches, VoIP, GSM, etc
MK83
Hardware solutions / Routers & switches, VoIP, GSM, etc
MR80
Hardware solutions / Routers & switches, VoIP, GSM, etc
MS80
Hardware solutions / Routers & switches, VoIP, GSM, etc
RAX42
Hardware solutions / Routers & switches, VoIP, GSM, etc
RAX43
Hardware solutions / Routers & switches, VoIP, GSM, etc
RAX48
Hardware solutions / Routers & switches, VoIP, GSM, etc
RAX45
Hardware solutions / Routers & switches, VoIP, GSM, etc
RAX50
Hardware solutions / Routers & switches, VoIP, GSM, etc
RAX50S
Hardware solutions / Routers & switches, VoIP, GSM, etc
RAX38v2
Hardware solutions / Routers & switches, VoIP, GSM, etc
RAX35v2
Hardware solutions / Routers & switches, VoIP, GSM, etc
RAX40v2
Hardware solutions / Routers & switches, VoIP, GSM, etc
EX6120
Hardware solutions / Routers & switches, VoIP, GSM, etc
EX6130
Hardware solutions / Routers & switches, VoIP, GSM, etc
MK72
Hardware solutions / Routers & switches, VoIP, GSM, etc
MR70
Hardware solutions / Routers & switches, VoIP, GSM, etc
MS70
Hardware solutions / Routers & switches, VoIP, GSM, etc
MK62
Hardware solutions / Routers & switches, VoIP, GSM, etc
MR60
Hardware solutions / Routers & switches, VoIP, GSM, etc
MS60
Hardware solutions / Routers & switches, VoIP, GSM, etc
XR1000
Hardware solutions / Routers for home users

Vendor:

Description

The vulnerability allows a remote attacker to perform a denial of servie (DoS) attack.

The vulnerability exists due to a boundary error. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://kb.netgear.com/000065492/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2021-0275

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in NETGEAR Routers, Extenders and WiFi Systems