Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-28373
HistoryNov 09, 2020 - 10:15 p.m.

CVE-2020-28373

2020-11-0922:15:13
CWE-787
[email protected]
web.nvd.nist.gov
23
cve
2020
28373
netgear
upnpd
stack-based buffer overflow
security vulnerability

8.3 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.9%

JSON

upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136, R8500 V1.0.2.136, R7300DST V1.0.0.74, R7850 V1.0.5.64, R7900 V1.0.4.30, RAX20 V1.0.2.64, RAX80 V1.0.3.102, and R6250 V1.0.4.44.

Affected configurations

NVD
Node
netgearr6400v2Match-
AND
netgearr6400v2_firmwareMatch1.0.4.102_10.0.75
Node
netgearr6400Match-
AND
netgearr6400_firmwareMatch1.0.1.62_1.0.41
Node
netgearr7000pMatch-
AND
netgearr7000p_firmwareMatch1.3.2.126_10.1.66
Node
netgearxr300Match-
AND
netgearxr300_firmwareMatch1.0.3.50_10.3.36
Node
netgearr8000Match-
AND
netgearr8000_firmwareMatch1.0.4.62
Node
netgearr8300Match-
AND
netgearr8300_firmwareMatch1.0.2.136
Node
netgearr8500Match-
AND
netgearr8500_firmwareMatch1.0.2.136
Node
netgearr7300dstMatch-
AND
netgearr7300dst_firmwareMatch1.0.0.74
Node
netgearr7850_firmwareMatch1.0.5.64
AND
netgearr7850Match-
Node
netgearr7900_firmwareMatch1.0.4.30
AND
netgearr7900Match-
Node
netgearrax20_firmwareMatch1.0.2.64
AND
netgearrax20Match-
Node
netgearrax80_firmwareMatch1.0.3.102
AND
netgearrax80Match-
Node
netgearr6250_firmwareMatch1.0.4.44
AND
netgearr6250Match-

Related

cvelist 1
prion 1
nvd 1
cvelist
cvelist
CVE-2020-28373
2020-11-09 21:32:28
prion
prion
Stack overflow
2020-11-09 22:15:00
nvd
nvd
CVE-2020-28373
2020-11-09 22:15:13

8.3 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.9%

JSON
Related for CVE-2020-28373
cvelist1prion1nvd1