ID

VAR-202308-3022


CVE

CVE-2023-38924


TITLE

Classic buffer overflow vulnerability in Netgear DGN3500 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-021108

DESCRIPTION

Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi. NETGEAR DGN3500 is a wireless router made by NETGEAR. The vulnerability arises because setup.cgi fails to correctly verify the length of the input data supplied in the http_password parameter. Remote attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2023-38924 // JVNDB: JVNDB-2023-021108 // CNVD: CNVD-2023-64069

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-64069

AFFECTED PRODUCTS

vendor: netgear, model: dgn3500, scope: eq, version: 1.1.00.37

Trust: 1.6

vendor: Netgear, model: dgn3500, scope: -, version: -

Trust: 0.8

vendor: Netgear, model: dgn3500, scope: eq, version: -

Trust: 0.8

vendor: Netgear, model: dgn3500, scope: eq, version: dgn3500 firmware 1.1.00.37

Trust: 0.8

sources: CNVD: CNVD-2023-64069 // JVNDB: JVNDB-2023-021108 // NVD: CVE-2023-38924

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-38924
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-38924
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2023-64069
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2023-64069
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-38924
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2023-38924
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-64069 // JVNDB: JVNDB-2023-021108 // NVD: CVE-2023-38924

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.0

problemtype: Classic buffer overflow (CWE-120) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-021108 // NVD: CVE-2023-38924

PATCH

title: Patch for NETGEAR DGN3500 Buffer Overflow Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/452021

Trust: 0.6

sources: CNVD: CNVD-2023-64069

EXTERNAL IDS

db: NVD, id: CVE-2023-38924

Trust: 3.2

db: JVNDB, id: JVNDB-2023-021108

Trust: 0.8

db: CNVD, id: CNVD-2023-64069

Trust: 0.6

sources: CNVD: CNVD-2023-64069 // JVNDB: JVNDB-2023-021108 // NVD: CVE-2023-38924

REFERENCES

url:https://github.com/firmrec/iot-vulns/blob/main/netgear/http_password_create_smb_cfg/readme.md

Trust: 1.8

url:https://www.netgear.com/about/security/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-38924

Trust: 0.8

url:https://github.com/firmrec/iot-vulns/blob/main/netgear/

Trust: 0.6

sources: CNVD: CNVD-2023-64069 // JVNDB: JVNDB-2023-021108 // NVD: CVE-2023-38924

SOURCES

db: CNVD, id: CNVD-2023-64069
db: JVNDB, id: JVNDB-2023-021108
db: NVD, id: CVE-2023-38924

LAST UPDATE DATE

2024-08-14T14:36:41.844000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-64069, date: 2023-08-21T00:00:00
db: JVNDB, id: JVNDB-2023-021108, date: 2024-01-18T06:49:00
db: NVD, id: CVE-2023-38924, date: 2023-08-09T18:04:06.470

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-64069, date: 2023-08-16T00:00:00
db: JVNDB, id: JVNDB-2023-021108, date: 2024-01-18T00:00:00
db: NVD, id: CVE-2023-38924, date: 2023-08-07T19:15:10.563