CVE-2019-14363
Severity: Unknown. EPSS: 3.15%
CVE-2019-14363 is a vulnerability of currently unknown severity. A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet. EPSS estimates a 3.15% chance of exploitation in the next 30 days.
Description
A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Netgear | Wndr3400v3 Firmware | >= 1.0.1.18, <= 1.0.1.24 |
References
- https://github.com/reevesrs24/CVE/blob/master/Netgear_WNDR2400v3/upnp_stack_overflow/upnp_stack_overflow.md (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-14363?
A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet.
How severe is CVE-2019-14363?
Severity scoring for CVE-2019-14363 is pending analysis. The EPSS model estimates a 3.15% probability of exploitation in the next 30 days.
How do I fix CVE-2019-14363?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Source: NVD / NIST
