ID

VAR-202007-0056


CVE

CVE-2020-10930


TITLE

Access control vulnerability in NETGEAR R6700 routers

Trust: 0.8

sources: JVNDB: JVNDB-2020-008852

DESCRIPTION

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of URLs. The issue results from the lack of proper routing of URLs. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-9618. The NETGEAR R6700 router contains an access control vulnerability. Zero Day Initiative numbered this vulnerability ZDI-CAN-9618. Information may be obtained.

Trust: 2.79

sources: NVD: CVE-2020-10930 // JVNDB: JVNDB-2020-008852 // ZDI: ZDI-20-711 // CNVD: CNVD-2020-43620

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-43620

AFFECTED PRODUCTS

vendor: netgear, model: r6700, scope: eq, version: 1.0.4.84_10.0.58

Trust: 1.8

vendor: netgear, model: r6700, scope: -, version: -

Trust: 0.7

vendor: netgear, model: r6700 v1.0.4.84 10.0.58, scope: -, version: -

Trust: 0.6

sources: ZDI: ZDI-20-711 // CNVD: CNVD-2020-43620 // JVNDB: JVNDB-2020-008852 // NVD: CVE-2020-10930

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10930
value: MEDIUM

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2020-10930
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-008852
value: MEDIUM

Trust: 0.8

ZDI: ZDI-20-711
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2020-43620
value: LOW

Trust: 0.6

CNNVD: CNNVD-202007-1650
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-10930
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008852
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-43620
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-10930
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2020-10930
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-008852
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: ZDI-20-711
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-711 // CNVD: CNVD-2020-43620 // JVNDB: JVNDB-2020-008852 // CNNVD: CNNVD-202007-1650 // NVD: CVE-2020-10930 // NVD: CVE-2020-10930

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.8

problemtype:NVD-CWE-Other

Trust: 1.0

sources: JVNDB: JVNDB-2020-008852 // NVD: CVE-2020-10930

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202007-1650

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202007-1650

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008852

PATCH

title: Top Page, url: https://www.netgear.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-008852

EXTERNAL IDS

db: ZDI, id: ZDI-20-711

Trust: 3.7

db: NVD, id: CVE-2020-10930

Trust: 3.0

db: JVNDB, id: JVNDB-2020-008852

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-9618

Trust: 0.7

db: CNVD, id: CNVD-2020-43620

Trust: 0.6

db: CNNVD, id: CNNVD-202007-1650

Trust: 0.6

sources: ZDI: ZDI-20-711 // CNVD: CNVD-2020-43620 // JVNDB: JVNDB-2020-008852 // CNNVD: CNNVD-202007-1650 // NVD: CVE-2020-10930

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-20-711/

Trust: 3.0

url:https://nvd.nist.gov/vuln/detail/cve-2020-10930

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10930

Trust: 0.8

sources: CNVD: CNVD-2020-43620 // JVNDB: JVNDB-2020-008852 // CNNVD: CNNVD-202007-1650 // NVD: CVE-2020-10930

CREDITS

d4rkn3ss from VNPT ISC

Trust: 0.7

sources: ZDI: ZDI-20-711

SOURCES

db: ZDI, id: ZDI-20-711
db: CNVD, id: CNVD-2020-43620
db: JVNDB, id: JVNDB-2020-008852
db: CNNVD, id: CNNVD-202007-1650
db: NVD, id: CVE-2020-10930

LAST UPDATE DATE

2024-11-23T22:44:29.539000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-20-711, date: 2020-06-15T00:00:00
db: CNVD, id: CNVD-2020-43620, date: 2020-07-31T00:00:00
db: JVNDB, id: JVNDB-2020-008852, date: 2020-09-29T00:00:00
db: CNNVD, id: CNNVD-202007-1650, date: 2022-07-29T00:00:00
db: NVD, id: CVE-2020-10930, date: 2024-11-21T04:56:23.563

SOURCES RELEASE DATE

db: ZDI, id: ZDI-20-711, date: 2020-06-15T00:00:00
db: CNVD, id: CNVD-2020-43620, date: 2020-07-31T00:00:00
db: JVNDB, id: JVNDB-2020-008852, date: 2020-09-29T00:00:00
db: CNNVD, id: CNNVD-202007-1650, date: 2020-07-28T00:00:00
db: NVD, id: CVE-2020-10930, date: 2020-07-28T18:15:14.160