Critical severity9.8CISA KEVNVD Advisory· Published May 26, 2017· Updated Apr 21, 2026

CVE-2017-6862

Description

NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.

Affected products

Netgear/Wnr2000 Firmware
cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*
Range: <1.0.0.42

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/98740nvdBroken LinkThird Party AdvisoryVDB Entry
kb.netgear.com/000038542/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-Some-Routers-PSV-2016-0261nvdVendor Advisory
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
www.on-x.com/sites/default/files/on-x_-_security_advisory_-_netgear_wnr2000v5_-_cve-2017-6862.pdfnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.034
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000