Lucene search

ZdiCVELIST:CVE-2020-10926

HistoryJul 28, 2020 - 5:10 p.m.

CVE-2020-10926

2020-07-2817:10:36

CWE-494

zdi

www.cve.org

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

29.8%

JSON

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from the lack of proper validation of the firmware image prior to performing an upgrade. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9648.

CNA Affected

[
  {
    "product": "R6700",
    "vendor": "NETGEAR",
    "versions": [
      {
        "status": "affected",
        "version": "V1.0.4.84_10.0.58"
      }
    ]
  }
]

References

www.zerodayinitiative.com/advisories/ZDI-20-706/

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

29.8%

JSON

Related for CVELIST:CVE-2020-10926