FKIE_CVE-2020-28373
Vulnerability from fkie_nvd - Published: 2020-11-09 22:15 - Updated: 2024-11-21 05:22
Severity ?
Summary
upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136, R8500 V1.0.2.136, R7300DST V1.0.0.74, R7850 V1.0.5.64, R7900 V1.0.4.30, RAX20 V1.0.2.64, RAX80 V1.0.3.102, and R6250 V1.0.4.44.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/cpeggg/Netgear-upnpd-poc | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cpeggg/Netgear-upnpd-poc | Broken Link, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | r6400v2_firmware | 1.0.4.102_10.0.75 | |
| netgear | r6400v2 | - | |
| netgear | r6400_firmware | 1.0.1.62_1.0.41 | |
| netgear | r6400 | - | |
| netgear | r7000p_firmware | 1.3.2.126_10.1.66 | |
| netgear | r7000p | - | |
| netgear | xr300_firmware | 1.0.3.50_10.3.36 | |
| netgear | xr300 | - | |
| netgear | r8000_firmware | 1.0.4.62 | |
| netgear | r8000 | - | |
| netgear | r8300_firmware | 1.0.2.136 | |
| netgear | r8300 | - | |
| netgear | r8500_firmware | 1.0.2.136 | |
| netgear | r8500 | - | |
| netgear | r7300dst_firmware | 1.0.0.74 | |
| netgear | r7300dst | - | |
| netgear | r7850_firmware | 1.0.5.64 | |
| netgear | r7850 | - | |
| netgear | r7900_firmware | 1.0.4.30 | |
| netgear | r7900 | - | |
| netgear | rax20_firmware | 1.0.2.64 | |
| netgear | rax20 | - | |
| netgear | rax80_firmware | 1.0.3.102 | |
| netgear | rax80 | - | |
| netgear | r6250_firmware | 1.0.4.44 | |
| netgear | r6250 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400v2_firmware:1.0.4.102_10.0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "C16283AA-DFC0-4EF2-BF42-88AFFDB0D8E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE6B3A8-0601-44EA-AD9B-3BDDE6654FDF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6400_firmware:1.0.1.62_1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "843A546D-C3D0-4858-A0AB-06F0F9A5DF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7000p_firmware:1.3.2.126_10.1.66:*:*:*:*:*:*:*",
"matchCriteriaId": "A26AEB2E-E432-4C61-9669-DDAC4CC11A96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xr300_firmware:1.0.3.50_10.3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "4E6D38C9-84B2-4689-A16D-5966B3024C25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5590CF28-B88A-4755-904B-1BC1778FBEDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8000_firmware:1.0.4.62:*:*:*:*:*:*:*",
"matchCriteriaId": "3028F458-37EF-498E-95EA-C8788A8475CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8300_firmware:1.0.2.136:*:*:*:*:*:*:*",
"matchCriteriaId": "A195EB60-71AA-4A05-9D53-9BB343409177",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9B77E7-7439-48C6-989F-5E22CB4D3044",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r8500_firmware:1.0.2.136:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD5151F-400E-4243-AB62-41FAD8F01FD4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7300dst_firmware:1.0.0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "4CCA3A82-A539-4BBC-8259-2272C6062804",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7300dst:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C75148EB-DE6C-4C5C-BF34-4800A66CF11C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7850_firmware:1.0.5.64:*:*:*:*:*:*:*",
"matchCriteriaId": "195C9E56-FD44-4A47-A3E7-6045F3213687",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r7900_firmware:1.0.4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB8FC11-7AE0-418F-A9CD-1DC36642FECA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C484840F-AF30-4B5C-821A-4DB9BE407BDB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax20_firmware:1.0.2.64:*:*:*:*:*:*:*",
"matchCriteriaId": "8A82C696-F75B-4E04-BFFB-772F96A7E3F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax80_firmware:1.0.3.102:*:*:*:*:*:*:*",
"matchCriteriaId": "D03D6BF5-496F-48F3-96F5-2030587218EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:r6250_firmware:1.0.4.44:*:*:*:*:*:*:*",
"matchCriteriaId": "CCF2B639-61D2-4FD5-905C-90B883A396DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "321BE843-52C4-4638-A321-439CA7B3A6F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136, R8500 V1.0.2.136, R7300DST V1.0.0.74, R7850 V1.0.5.64, R7900 V1.0.4.30, RAX20 V1.0.2.64, RAX80 V1.0.3.102, and R6250 V1.0.4.44."
},
{
"lang": "es",
"value": "upnpd en determinados dispositivos NETGEAR permite a atacantes remotos (LAN) ejecutar c\u00f3digo arbitrario por medio de un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria.\u0026#xa0;Esto afecta a R6400v2 versi\u00f3n V1.0.4.102_10.0.75, R6400 versi\u00f3n V1.0.1.62_1.0.41, R7000P versi\u00f3n V1.3.2.126_10.1.66, XR300 versi\u00f3n V1.0.3.50_10.3.36, R8000 versi\u00f3n V1.0.4.62, R8300 versi\u00f3n V1.0.2. 136, R8500 versi\u00f3n V1.0.2.136, R7300DST versi\u00f3n V1.0.0.74, R7850 versi\u00f3n V1.0.5.64, R7900 versi\u00f3n V1.0.4.30, RAX20 versi\u00f3n V1.0.2.64, RAX80 versi\u00f3n V1.0.3.102 y R6250 versi\u00f3n V1.0.4. 44"
}
],
"id": "CVE-2020-28373",
"lastModified": "2024-11-21T05:22:40.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-09T22:15:13.413",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/cpeggg/Netgear-upnpd-poc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/cpeggg/Netgear-upnpd-poc"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…