Lucene search

[email protected]CVE-2020-26913

HistoryOct 09, 2020 - 7:15 a.m.

CVE-2020-26913

2020-10-0907:15:17

CWE-787

[email protected]

web.nvd.nist.gov

cve-2020-26913

netgear

buffer overflow

security vulnerability

nvd

5.2 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

6.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.60, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, SRK60 before 2.2.2.20, SRR60 before 2.2.2.20, SRS60 before 2.2.2.20, WN3000RPv2 before 1.0.0.78, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.70, XR450 before 2.3.2.40, and XR500 before 2.3.2.40.

Affected configurations

NVD

Node

netgeard6100_firmwareRange<1.0.0.63

AND

netgeard6100Match-

Node

netgearr7800_firmwareRange<1.0.2.60

AND

netgearr7800Match-

Node

netgearr8900_firmwareRange<1.0.4.26

AND

netgearr8900Match-

Node

netgearr9000_firmwareRange<1.0.4.26

AND

netgearr9000Match-

Node

netgearrbk20_firmwareRange<2.3.0.28

AND

netgearrbk20Match-

Node

netgearrbr20_firmwareRange<2.3.0.28

AND

netgearrbr20Match-

Node

netgearrbs20_firmwareRange<2.3.0.28

AND

netgearrbs20Match-

Node

netgearrbk50_firmwareRange<2.3.0.32

AND

netgearrbk50Match-

Node

netgearrbr50_firmwareRange<2.3.0.32

AND

netgearrbr50Match-

Node

netgearrbs50_firmwareRange<2.3.0.32

AND

netgearrbs50Match-

Node

netgearrbk40_firmwareRange<2.3.0.28

AND

netgearrbk40Match-

Node

netgearrbs40_firmwareRange<2.3.0.28

AND

netgearrbs40Match-

Node

netgearsrk60_firmwareRange<2.2.2.20

AND

netgearsrk60Match-

Node

netgearsrr60_firmwareRange<2.2.2.20

AND

netgearsrr60Match-

Node

netgearsrs60_firmwareRange<2.2.2.20

AND

netgearsrs60Match-

Node

netgearwn3000rpv2_firmwareRange<1.0.0.78

AND

netgearwn3000rpv2Match-

Node

netgearwndr4300v2_firmwareRange<1.0.0.58

AND

netgearwndr4300v2Match-

Node

netgearwndr4500v3_firmwareRange<1.0.0.58

AND

netgearwndr4500v3Match-

Node

netgearwnr2000v5_firmwareRange<1.0.0.70

AND

netgearwnr2000v5Match-

Node

netgearxr450_firmwareRange<2.3.2.40

AND

netgearxr450Match-

Node

netgearxr500_firmwareRange<2.3.2.40

AND

netgearxr500Match-

CPENameOperatorVersion
netgear:d6100_firmwarenetgear d6100 firmwarelt1.0.0.63

CPE	Name	Operator	Version
netgear:d6100_firmware	netgear d6100 firmware	lt	1.0.0.63

References

kb.netgear.com/000062340/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-WiFi-Systems-PSV-2018-0140

5.2 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

6.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2020-26913

cvelist1 prion1 nvd1