Cyber Resilience

CVE-2023-30280

Critical

Published: 26 April 2023

Modified: 03 February 2025
KEV Added:
Patch:
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0446 (89.3th percentile)
Risk Priority: 22 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-30280 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Netgear R6700 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 10.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2023-30280 is a buffer overflow vulnerability, tracked under CWE-120, that affects the fwSchedule.cgi page in Netgear R6900 version 1.0.2.26, R6700v3 version 1.0.4.128, and R6700 version 1.0.0.26. The flaw resides in handling of the getInputData parameter and carries a CVSS 3.1 score of 9.8.

A remote attacker can exploit the issue over the network without authentication or user interaction to execute arbitrary code or trigger a denial of service on the affected devices.

Public references point to Netgear’s security advisory pages, though no specific mitigation details such as patch availability or configuration guidance are provided in the source material.

The associated EPSS score rose from a low baseline to a peak of 0.0938 on 2026-03-24 before receding to its current value of 0.0446, indicating that exploitation interest emerged after disclosure.

EU & UK References

Vulnerability details

Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial of service via the getInputData parameter of the fwSchedule.cgi page.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

netgear r6900 firmware: 1.0.2.26
netgear r6700 firmware: 1.0.0.26, 1.0.4.128

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-120

Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.

References