Sign-up

ID

VAR-202007-0053


CVE

CVE-2020-10926


TITLE

NETGEAR R6700 Vulnerability in incomplete integrity verification of downloaded code on router

Trust: 0.8

sources: JVNDB: JVNDB-2020-008750

DESCRIPTION

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from the lack of proper validation of the firmware image prior to performing an upgrade. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9648. Zero Day Initiative To this vulnerability ZDI-CAN-9648 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6700 is a wireless router made by NETGEAR. NETGEAR R6700 V1.0.4.84_10.0.58 has a verification problem in the firmware update processing process, which is caused by the program's failure to correctly verify the firmware image before the update

Trust: 2.79

sources: NVD: CVE-2020-10926 // JVNDB: JVNDB-2020-008750 // ZDI: ZDI-20-706 // CNVD: CNVD-2020-43149

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-43149

AFFECTED PRODUCTS

vendor:netgearmodel:r6700scope:eqversion:1.0.4.84_10.0.58

Trust: 1.8

vendor:netgearmodel:r6700scope: - version: -

Trust: 0.7

vendor:netgearmodel:r6700 v1.0.4.84 10.0.58scope: - version: -

Trust: 0.6

sources: ZDI: ZDI-20-706 // CNVD: CNVD-2020-43149 // JVNDB: JVNDB-2020-008750 // NVD: CVE-2020-10926

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10926
value: HIGH

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2020-10926
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008750
value: HIGH

Trust: 0.8

ZDI: ZDI-20-706
value: HIGH

Trust: 0.7

CNVD: CNVD-2020-43149
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202007-1644
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-10926
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008750
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-43149
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-10926
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2020-10926
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-008750
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: ZDI-20-706
baseSeverity: HIGH
baseScore: 7.5
vectorString: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-706 // CNVD: CNVD-2020-43149 // JVNDB: JVNDB-2020-008750 // CNNVD: CNNVD-202007-1644 // NVD: CVE-2020-10926 // NVD: CVE-2020-10926

PROBLEMTYPE DATA

problemtype:CWE-494

Trust: 1.8

sources: JVNDB: JVNDB-2020-008750 // NVD: CVE-2020-10926

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202007-1644

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202007-1644

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-008750

PATCH
title:Top Pageurl:https://www.netgear.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-008750

EXTERNAL IDS
db:ZDIid:ZDI-20-706
Trust: 3.7
db:NVDid:CVE-2020-10926
Trust: 3.0
db:JVNDBid:JVNDB-2020-008750
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-9648
Trust: 0.7
db:CNVDid:CNVD-2020-43149
Trust: 0.6
db:CNNVDid:CNNVD-202007-1644
Trust: 0.6
sources:
            
            
            ZDI: ZDI-20-706 // 
            
            
            
            CNVD: CNVD-2020-43149 // 
            
            
            
            JVNDB: JVNDB-2020-008750 // 
            
            
            
            CNNVD: CNNVD-202007-1644 // 
            
            
            
            NVD: CVE-2020-10926

REFERENCES
url:https://www.zerodayinitiative.com/advisories/zdi-20-706/
Trust: 3.0
url:https://nvd.nist.gov/vuln/detail/cve-2020-10926
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10926
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-43149 // 
            
            
            
            JVNDB: JVNDB-2020-008750 // 
            
            
            
            CNNVD: CNNVD-202007-1644 // 
            
            
            
            NVD: CVE-2020-10926

CREDITS
Pedro Ribeiro and Radek Domanski of Team Flashback
Trust: 0.7
sources:
            
            
            ZDI: ZDI-20-706

SOURCES
db:ZDIid:ZDI-20-706
db:CNVDid:CNVD-2020-43149
db:JVNDBid:JVNDB-2020-008750
db:CNNVDid:CNNVD-202007-1644
db:NVDid:CVE-2020-10926

LAST UPDATE DATE
2024-11-23T23:04:18.587000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-20-706date:2020-06-15T00:00:00
db:CNVDid:CNVD-2020-43149date:2020-07-30T00:00:00
db:JVNDBid:JVNDB-2020-008750date:2020-09-24T00:00:00
db:CNNVDid:CNNVD-202007-1644date:2020-07-30T00:00:00
db:NVDid:CVE-2020-10926date:2024-11-21T04:56:23.073

SOURCES RELEASE DATE
db:ZDIid:ZDI-20-706date:2020-06-15T00:00:00
db:CNVDid:CNVD-2020-43149date:2020-07-30T00:00:00
db:JVNDBid:JVNDB-2020-008750date:2020-09-24T00:00:00
db:CNNVDid:CNNVD-202007-1644date:2020-07-28T00:00:00
db:NVDid:CVE-2020-10926date:2020-07-28T18:15:13.833