Details of VAR-202007-0907

ID

VAR-202007-0907

CVE

CVE-2020-15416

TITLE

NETGEAR R6700 Stack-based buffer overflow vulnerability in routers

Trust: 0.8

sources: JVNDB: JVNDB-2020-008851

DESCRIPTION

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9703. NETGEAR R6700 A stack-based buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-9703 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R6700 is a wireless router made by NETGEAR

Trust: 2.88

sources: NVD: CVE-2020-15416 // JVNDB: JVNDB-2020-008851 // ZDI: ZDI-20-712 // CNVD: CNVD-2020-43667 // VULMON: CVE-2020-15416

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-43667

AFFECTED PRODUCTS

vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.4.84_10.0.58	Trust: 1.8
vendor:	netgear	model:	r6700	scope:	-	version:	-	Trust: 0.7
vendor:	netgear	model:	r6700 v1.0.4.84 10.0.58	scope:	-	version:	-	Trust: 0.6

sources: ZDI: ZDI-20-712 // CNVD: CNVD-2020-43667 // JVNDB: JVNDB-2020-008851 // NVD: CVE-2020-15416

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-15416
value:	HIGH
Trust: 1.0
zdi-disclosures@trendmicro.com:	CVE-2020-15416
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-008851
value:	HIGH
Trust: 0.8
ZDI:	ZDI-20-712
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2020-43667
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202007-1651
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-15416
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-15416
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-008851
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-43667
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-15416
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
zdi-disclosures@trendmicro.com:	CVE-2020-15416
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-008851
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	ZDI-20-712
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-20-712 // CNVD: CNVD-2020-43667 // VULMON: CVE-2020-15416 // JVNDB: JVNDB-2020-008851 // CNNVD: CNNVD-202007-1651 // NVD: CVE-2020-15416 // NVD: CVE-2020-15416

PROBLEMTYPE DATA

problemtype:

CWE-121

Trust: 1.8

sources: JVNDB: JVNDB-2020-008851 // NVD: CVE-2020-15416

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202007-1651

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1651

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008851

PATCH

title:	Top Page	url:	https://www.netgear.com/	Trust: 0.8
title:	R7000_httpd_BOF_CVE-2020-15416	url:	https://github.com/k3vinlusec/R7000_httpd_BOF_CVE-2020-15416	Trust: 0.1

sources: VULMON: CVE-2020-15416 // JVNDB: JVNDB-2020-008851

EXTERNAL IDS

db:	ZDI	id:	ZDI-20-712	Trust: 3.2
db:	NVD	id:	CVE-2020-15416	Trust: 3.1
db:	JVNDB	id:	JVNDB-2020-008851	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-9703	Trust: 0.7
db:	CNVD	id:	CNVD-2020-43667	Trust: 0.6
db:	CNNVD	id:	CNNVD-202007-1651	Trust: 0.6
db:	VULMON	id:	CVE-2020-15416	Trust: 0.1

sources: ZDI: ZDI-20-712 // CNVD: CNVD-2020-43667 // VULMON: CVE-2020-15416 // JVNDB: JVNDB-2020-008851 // CNNVD: CNNVD-202007-1651 // NVD: CVE-2020-15416

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-20-712/	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15416	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-15416	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/121.html	Trust: 0.1
url:	https://github.com/k3vinlusec/r7000_httpd_bof_cve-2020-15416	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-43667 // VULMON: CVE-2020-15416 // JVNDB: JVNDB-2020-008851 // CNNVD: CNNVD-202007-1651 // NVD: CVE-2020-15416

CREDITS

d4rkn3ss from VNPT ISC

Trust: 0.7

sources: ZDI: ZDI-20-712

SOURCES

db:	ZDI	id:	ZDI-20-712
db:	CNVD	id:	CNVD-2020-43667
db:	VULMON	id:	CVE-2020-15416
db:	JVNDB	id:	JVNDB-2020-008851
db:	CNNVD	id:	CNNVD-202007-1651
db:	NVD	id:	CVE-2020-15416

LAST UPDATE DATE

2024-11-23T22:55:06.796000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-712	date:	2020-06-15T00:00:00
db:	CNVD	id:	CNVD-2020-43667	date:	2020-07-31T00:00:00
db:	VULMON	id:	CVE-2020-15416	date:	2020-07-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-008851	date:	2020-09-29T00:00:00
db:	CNNVD	id:	CNNVD-202007-1651	date:	2020-07-31T00:00:00
db:	NVD	id:	CVE-2020-15416	date:	2024-11-21T05:05:30.600

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-20-712	date:	2020-06-15T00:00:00
db:	CNVD	id:	CNVD-2020-43667	date:	2020-07-31T00:00:00
db:	VULMON	id:	CVE-2020-15416	date:	2020-07-28T00:00:00
db:	JVNDB	id:	JVNDB-2020-008851	date:	2020-09-29T00:00:00
db:	CNNVD	id:	CNNVD-202007-1651	date:	2020-07-28T00:00:00
db:	NVD	id:	CVE-2020-15416	date:	2020-07-28T18:15:15.787