Is CVE-2023-36187 actively exploited?

CVE-2023-36187 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2023-36187?

CVE-2023-36187 has a CVSS score of 9.8 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2023-36187?

Patch guidance is available from netgear security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2023-36187.

Fix CVE-2023-36187 - CRITICAL netgear cbr40 firmware

Q: Which products are affected by CVE-2023-36187?

15 products: netgear cbr40 firmware, netgear lax20 firmware, netgear mk62 firmware, netgear mr60 firmware, netgear ms60 firmware, and 10 more.

Description

Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-120

Metadata

Primary Vendor: NETGEAR
Published: 9/1/2023
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

netgear : cbr40_firmwarenetgear : lax20_firmwarenetgear : mk62_firmwarenetgear : mr60_firmwarenetgear : ms60_firmwarenetgear : rbw30_firmwarenetgear : r6400_firmwarenetgear : r6400v2_firmwarenetgear : r6700v3_firmwarenetgear : r7000_firmwarenetgear : r7000p_firmwarenetgear : rax200_firmwarenetgear : rax75_firmwarenetgear : rax80_firmwarenetgear : rs400_firmware

Remediation Guidance

Executive Summary

View on NIST NVD