Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd.
Conclusion & alert: CVE-2023-36187 is rated Moderate Risk (53.9/100): CVSS Critical severity, with medium exploitation likelihood (EPSS 0.94%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 5.93% | 0.94% | -4.99% |
| 2 | 2026-05-27 | 4.54% | 5.93% | +1.40% |
| 3 | 2025-11-21 | — | 4.54% | — |
Full EPSS history (14 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 9.8 | 3.1 | CRITICAL |
|
3.9 | 5.9 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| netgear | cbr40_firmware | < 2.5.0.24 | cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:* |
| netgear | lax20_firmware | < 1.1.6.34 | cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:* |
| netgear | mk62_firmware | < 1.1.6.122 | cpe:2.3:o:netgear:mk62_firmware:*:*:*:*:*:*:*:* |
| netgear | mr60_firmware | < 1.1.6.122 | cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:* |
| netgear | ms60_firmware | < 1.1.6.122 | cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:* |
| netgear | rbw30_firmware | < 2.6.2.6 | cpe:2.3:o:netgear:rbw30_firmware:*:*:*:*:*:*:*:* |
| netgear | r6400_firmware | < 1.0.1.70 | cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:* |
| netgear | r6400v2_firmware | < 1.0.4.118 | cpe:2.3:o:netgear:r6400v2_firmware:*:*:*:*:*:*:*:* |
| netgear | r6700v3_firmware | < 1.0.4.118 | cpe:2.3:o:netgear:r6700v3_firmware:*:*:*:*:*:*:*:* |
| netgear | r7000_firmware | < 1.0.11.130 | cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:* |
| netgear | r7000p_firmware | < 1.3.3.148 | cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:* |
| netgear | rax200_firmware | < 1.0.4.120 | cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:* |
| netgear | rax75_firmware | < 1.0.4.120 | cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:* |
| netgear | rax80_firmware | < 1.0.4.120 | cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:* |
| netgear | rs400_firmware | < 1.5.1.86 | cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:* |