Primary

Context

Netgear JWNR2000v2 Buffer Overflow Vulnerability in sub_4238E8

Vulnerability

A critical buffer overflow vulnerability has been identified in the Netgear JWNR2000v2 router, specifically in version 1.0.0.11. The issue arises in the function sub_4238E8, where the 'host' argument is manipulated, leading to a buffer overflow. This vulnerability can be exploited remotely. The root cause is the use of the 'strcpy' function to copy data from the 'nvram_get' function without proper boundary checks, allowing for overflow conditions.

Impact

Exploitation of this vulnerability allows for a buffer overflow, which can potentially be used to execute arbitrary code or cause a denial-of-service condition on the device.

Reproduction

The vulnerability can be reproduced by sending a crafted request that includes a 'host' argument. The 'strcpy' function will copy the data into a buffer without checking the length, leading to a buffer overflow.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

1.6

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

1.6

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Netgear JWNR2000v2 Buffer Overflow Vulnerability in sub_4238E8

Vulnerability

Impact

Reproduction

Affected Products

Netgear JWNR2000v2

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating