Stack overflow

2023-03-2919:15:00

PRIOn knowledge base

www.prio-n.com

network adjacent

arbitrary code execution

authentication bypass

circled daemon

stack-based buffer overflow

root context

zdi-can-15879

nvd

0.001 Low

EPSS

Percentile

29.8%

JSON

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879.

CPENameOperatorVersion
cbr40_firmwarelt2.5.0.28
lbr1020_firmwarelt2.7.4.2
lbr20_firmwarelt2.7.4.2
r6400_firmwarelt1.0.4.126
r6700_firmwarelt1.0.4.126
r6900p_firmwarelt1.3.3.148
r7000_firmwarelt1.0.11.134
r7000p_firmwarelt1.3.3.148
r7850_firmwarelt1.0.5.84
r7960p_firmwarelt1.4.3.88

Name	Operator	Version
cbr40_firmware	lt	2.5.0.28
lbr1020_firmware	lt	2.7.4.2
lbr20_firmware	lt	2.7.4.2
r6400_firmware	lt	1.0.4.126
r6700_firmware	lt	1.0.4.126
r6900p_firmware	lt	1.3.3.148
r7000_firmware	lt	1.0.11.134
r7000p_firmware	lt	1.3.3.148
r7850_firmware	lt	1.0.5.84
r7960p_firmware	lt	1.4.3.88