CVE-2017-6862
Published: 26 May 2017
Summary
CVE-2017-6862 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Netgear Wnr2000 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 2.4% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability CVE-2017-6862 is a buffer overflow in the administration web application of certain NETGEAR routers that enables authentication bypass and remote code execution. It affects WNR2000v3 devices running firmware versions prior to 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42, as identified under NETGEAR PSV-2016-0261 and classified under CWE-120.
An unauthenticated attacker can exploit this flaw over the network by supplying a specially crafted parameter to the web interface, achieving full remote code execution with the ability to compromise the device's confidentiality, integrity, and availability, corresponding to a CVSS score of 9.8.
NETGEAR has released firmware updates addressing the issue, with the security advisory recommending that users upgrade to the fixed versions specified for each model to mitigate the risk of unauthenticated remote code execution.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-15916
Vulnerability details
NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.
- CWE(s)
- KEV Date Added
- 08 June 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation of all inputs to the web application, preventing the crafted parameter that triggers the buffer overflow and authentication bypass.
Mandates timely application of firmware patches that eliminate the buffer-overflow flaw in the administration webapp.
Requires memory-protection mechanisms that can block or contain exploitation of the buffer overflow even if input validation fails.