Buffer overflow

2023-08-0719:15:00

PRIOn knowledge base

www.prio-n.com

netgear

jwnr2000v2

xwn5001

xavn2001v2

buffer overflows

http_passwd

http_username

update_auth function

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function.

CPENameOperatorVersion
jwnr2000v2_firmwareeq1.0.0.11
xavn2001v2_firmwareeq0.4.0.7
xwn5001_firmwareeq0.4.1.1

Name	Operator	Version
jwnr2000v2_firmware	eq	1.0.0.11
xavn2001v2_firmware	eq	0.4.0.7
xwn5001_firmware	eq	0.4.1.1

References

github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md

www.netgear.com/about/security/