OpenCVE

Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via strcpy in uhttpd.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netgear	Wnr2000v4 Wnr2000v4 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:netgear:wnr2000v4_firmware:1.0.0.70:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2000v4:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/Davidteeri/Bug-Report/blob/main/netgear-n300-0x4297B4.md
https://www.netgear.com/about/security/
https://www.netgear.com/support/download/?model=WNR2000v4

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-09-22T21:17:38

Updated: 2024-08-03T07:32:54.680Z

Reserved: 2022-05-31T00:00:00

Link: CVE-2022-31937

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-09-22T22:15:09.573

Modified: 2024-11-21T07:05:29.280

Link: CVE-2022-31937

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via strcpy in uhttpd."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-22T21:17:38", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.netgear.com/about/security/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.netgear.com/support/download/?model=WNR2000v4"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Davidteeri/Bug-Report/blob/main/netgear-n300-0x4297B4.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-31937", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via strcpy in uhttpd."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.netgear.com/about/security/", "refsource": "MISC", "url": "https://www.netgear.com/about/security/"}, {"name": "https://www.netgear.com/support/download/?model=WNR2000v4", "refsource": "MISC", "url": "https://www.netgear.com/support/download/?model=WNR2000v4"}, {"name": "https://github.com/Davidteeri/Bug-Report/blob/main/netgear-n300-0x4297B4.md", "refsource": "MISC", "url": "https://github.com/Davidteeri/Bug-Report/blob/main/netgear-n300-0x4297B4.md"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:32:54.680Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.netgear.com/about/security/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.netgear.com/support/download/?model=WNR2000v4"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Davidteeri/Bug-Report/blob/main/netgear-n300-0x4297B4.md"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-31937", "datePublished": "2022-09-22T21:17:38", "dateReserved": "2022-05-31T00:00:00", "dateUpdated": "2024-08-03T07:32:54.680Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wnr2000v4_firmware:1.0.0.70:*:*:*:*:*:*:*", "matchCriteriaId": "DF03AF64-BC91-4894-9A41-7057E416B74D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wnr2000v4:-:*:*:*:*:*:*:*", "matchCriteriaId": "B3AE1DD1-5DB7-403A-805B-EDB364EF28D5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via strcpy in uhttpd."}, {"lang": "es", "value": "Se ha detectado que el router inal\u00e1mbrico Netgear N300 wnr2000v4 versi\u00f3n V1.0.0.70, contiene un desbordamiento de pila por strcpy en uhttpd"}], "id": "CVE-2022-31937", "lastModified": "2024-11-21T07:05:29.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-22T22:15:09.573", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://github.com/Davidteeri/Bug-Report/blob/main/netgear-n300-0x4297B4.md"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.netgear.com/about/security/"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://www.netgear.com/support/download/?model=WNR2000v4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://github.com/Davidteeri/Bug-Report/blob/main/netgear-n300-0x4297B4.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.netgear.com/about/security/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Vendor Advisory"], "url": "https://www.netgear.com/support/download/?model=WNR2000v4"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}