NETGEAR R6700 httpd strtblupgrade Format String Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the la...

Netgear Won't Patch 45 Router Models Vulnerable to Serious Flaw

UPDATE Netgear will not patch 45 router models that are vulnerable to a high-severity remote code execution flaw, the router company revealed last week. However, the company says that routers that won’t receive updates are outdated or have reached EOL End of Life. The remote code execution...

NETGEAR R6700 Buffer Overflow Vulnerability (CNVD-2020-43667)

The NETGEAR R6700 is a wireless router from NETGEAR. A buffer overflow vulnerability exists in the httpd service in the NETGEAR R6700 version V1.0.4.8410.0.58, which originates when the program fails to properly validate the length of user-supplied data before copying it into a fixed stack-based...

CVE-2020-15416

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by...

CVE-2020-15416

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by...

CVE-2020-15416

CVE-2020-15416 affects NETGEAR R6700 routers (V1.0.4.84_10.0.58). The vulnerability is in the httpd service on port 80 and stems from improper validation of the length of user-supplied data copied into a fixed-length, stack-based buffer. This causes a stack-based buffer overflow that an attacker ...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1749)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Netgear httpd upgrade_check.cgi stack buffer overflow

Overview Multiple Netgear devices contain a stack buffer overflow in the httpd web server's handling of upgradecheck.cgi, which may allow for unauthenticated remote code execution with root privileges. Description Many Netgear devices contain an embedded web server, which is provided by the httpd...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1692)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization for ARM 64 3.0.6.0 : httpd (EulerOS-SA-2020-1692)

According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handli...

Information Disclosure

httpd is vulnerable to information disclosure. The vulnerability exists through modproxyftp use of uninitialized value...

RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 (RHSA-2020:2644)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2644 advisory. This release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages that are part of the JBoss Core Services offering. This...

Netgear R7000 Router - Remote Code Execution Exploit

Exploit for hardware platform in category web applications EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/48588.zip Exploits a pre-authentication memcpy based stack buffer overflow vulnerability in httpd on several devices and versions: Devic...

(0Day) NETGEAR R6700 httpd strtblupgrade Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. A crafted guiregion in a stri...

(0Day) NETGEAR R6700 httpd Firmware Upload Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue...

(0Day) NETGEAR R6700 httpd strtblupgrade Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the la...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1601)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Open Redirects

httpd is vulnerable to open redirects. The vulnerability exists as modrewrite has potential open redirect...

Moderate: Red Hat Security Advisory: httpd24-httpd and httpd24-mod_md security and enhancement update

An update for httpd24-httpd and httpd24-modmd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Buffer overflow vulnerability in multiple Tenda products (CNVD-2020-31408)

The Tenda AC9, among others, is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in httpd in several Tenda products. The vulnerability can be exploited to execute arbitrary code by sending the 'deviceId' and 'time' parameters to the...