Cyber Resilience

CVE-2017-6862

CriticalCISA KEVActive ExploitationEUVD Exploited

Published: 26 May 2017

Published
26 May 2017
Modified
21 April 2026
KEV Added
08 June 2022
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.4311 97.6th percentile
Risk Priority 65 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2017-6862 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Netgear Wnr2000 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 2.4% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability CVE-2017-6862 is a buffer overflow in the administration web application of certain NETGEAR routers that enables authentication bypass and remote code execution. It affects WNR2000v3 devices running firmware versions prior to 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42, as identified under NETGEAR PSV-2016-0261 and classified under CWE-120.

An unauthenticated attacker can exploit this flaw over the network by supplying a specially crafted parameter to the web interface, achieving full remote code execution with the ability to compromise the device's confidentiality, integrity, and availability, corresponding to a CVSS score of 9.8.

NETGEAR has released firmware updates addressing the issue, with the security advisory recommending that users upgrade to the fixed versions specified for each model to mitigate the risk of unauthenticated remote code execution.

EU & UK References

Vulnerability details

NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.

CWE(s)
KEV Date Added
08 June 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

netgear
wnr2000 firmware
≤ 1.0.0.42 · ≤ 1.0.0.66 · ≤ 1.1.2.14

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of all inputs to the web application, preventing the crafted parameter that triggers the buffer overflow and authentication bypass.

prevent

Mandates timely application of firmware patches that eliminate the buffer-overflow flaw in the administration webapp.

prevent

Requires memory-protection mechanisms that can block or contain exploitation of the buffer overflow even if input validation fails.

References