Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-15417


This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. A crafted gui_region in a string table file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9756.


Published

2020-07-28T18:15:15.880

Last Modified

2024-11-21T05:05:30.723

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.3 (MEDIUM)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

6.5

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-121

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System netgear r6700_firmware 1.0.4.84_10.0.58 Yes
Hardware netgear r6700 - No

References