CVE-2023-30280
Published: 26 April 2023
Summary
CVE-2023-30280 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Netgear R6700 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 10.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2023-30280 is a buffer overflow vulnerability, tracked under CWE-120, that affects the fwSchedule.cgi page in Netgear R6900 version 1.0.2.26, R6700v3 version 1.0.4.128, and R6700 version 1.0.0.26. The flaw resides in handling of the getInputData parameter and carries a CVSS 3.1 score of 9.8.
A remote attacker can exploit the issue over the network without authentication or user interaction to execute arbitrary code or trigger a denial of service on the affected devices.
Public references point to Netgear’s security advisory pages, though no specific mitigation details such as patch availability or configuration guidance are provided in the source material.
The associated EPSS score rose from a low baseline to a peak of 0.0938 on 2026-03-24 before receding to its current value of 0.0446, indicating that exploitation interest emerged after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-34703
Vulnerability details
Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial of service via the getInputData parameter of the fwSchedule.cgi page.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.