ID

VAR-202007-1436


CVE

CVE-2020-10927


TITLE

Vulnerability in the use of cryptographic algorithms in NETGEAR R6700 routers

Trust: 0.8

sources: JVNDB: JVNDB-2020-008855

DESCRIPTION

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the encryption of firmware update images. The issue results from the use of an inappropriate encryption algorithm. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. The Zero Day Initiative tracked this vulnerability as ZDI-CAN-9649. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 2.88

sources: NVD: CVE-2020-10927 // JVNDB: JVNDB-2020-008855 // ZDI: ZDI-20-707 // CNVD: CNVD-2020-43663 // VULMON: CVE-2020-10927

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-43663

AFFECTED PRODUCTS

vendor: netgear, model: r6700, scope: eq, version: 1.0.4.84_10.0.58

Trust: 1.8

vendor: netgear, model: r6700, scope: -, version: -

Trust: 0.7

vendor: netgear, model: r6700 v1.0.4.84 10.0.58, scope: -, version: -

Trust: 0.6

sources: ZDI: ZDI-20-707 // CNVD: CNVD-2020-43663 // JVNDB: JVNDB-2020-008855 // NVD: CVE-2020-10927

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10927
value: HIGH

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2020-10927
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008855
value: HIGH

Trust: 0.8

ZDI: ZDI-20-707
value: HIGH

Trust: 0.7

CNVD: CNVD-2020-43663
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202007-1645
value: HIGH

Trust: 0.6

VULMON: CVE-2020-10927
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-10927
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-008855
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-43663
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-10927
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2020-10927
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-008855
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: ZDI-20-707
baseSeverity: HIGH
baseScore: 7.5
vectorString: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-707 // CNVD: CNVD-2020-43663 // VULMON: CVE-2020-10927 // JVNDB: JVNDB-2020-008855 // CNNVD: CNNVD-202007-1645 // NVD: CVE-2020-10927 // NVD: CVE-2020-10927

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.8

sources: JVNDB: JVNDB-2020-008855 // NVD: CVE-2020-10927

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202007-1645

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202007-1645

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008855

PATCH

title: Top Page, url: https://www.netgear.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-008855

EXTERNAL IDS

db: ZDI, id: ZDI-20-707

Trust: 3.8

db: NVD, id: CVE-2020-10927

Trust: 3.1

db: JVNDB, id: JVNDB-2020-008855

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-9649

Trust: 0.7

db: CNVD, id: CNVD-2020-43663

Trust: 0.6

db: CNNVD, id: CNNVD-202007-1645

Trust: 0.6

db: VULMON, id: CVE-2020-10927

Trust: 0.1

sources: ZDI: ZDI-20-707 // CNVD: CNVD-2020-43663 // VULMON: CVE-2020-10927 // JVNDB: JVNDB-2020-008855 // CNNVD: CNNVD-202007-1645 // NVD: CVE-2020-10927

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-20-707/

Trust: 3.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10927

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10927

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/327.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-43663 // VULMON: CVE-2020-10927 // JVNDB: JVNDB-2020-008855 // CNNVD: CNNVD-202007-1645 // NVD: CVE-2020-10927

CREDITS

Pedro Ribeiro and Radek Domanski of Team Flashback

Trust: 0.7

sources: ZDI: ZDI-20-707

SOURCES

db: ZDI, id: ZDI-20-707
db: CNVD, id: CNVD-2020-43663
db: VULMON, id: CVE-2020-10927
db: JVNDB, id: JVNDB-2020-008855
db: CNNVD, id: CNNVD-202007-1645
db: NVD, id: CVE-2020-10927

LAST UPDATE DATE

2024-11-23T22:44:28.500000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-20-707, date: 2020-06-15T00:00:00
db: CNVD, id: CNVD-2020-43663, date: 2020-07-31T00:00:00
db: VULMON, id: CVE-2020-10927, date: 2020-07-30T00:00:00
db: JVNDB, id: JVNDB-2020-008855, date: 2020-09-29T00:00:00
db: CNNVD, id: CNNVD-202007-1645, date: 2020-07-31T00:00:00
db: NVD, id: CVE-2020-10927, date: 2024-11-21T04:56:23.193

SOURCES RELEASE DATE

db: ZDI, id: ZDI-20-707, date: 2020-06-15T00:00:00
db: CNVD, id: CNVD-2020-43663, date: 2020-07-31T00:00:00
db: VULMON, id: CVE-2020-10927, date: 2020-07-28T00:00:00
db: JVNDB, id: JVNDB-2020-008855, date: 2020-09-29T00:00:00
db: CNNVD, id: CNNVD-202007-1645, date: 2020-07-28T00:00:00
db: NVD, id: CVE-2020-10927, date: 2020-07-28T18:15:13.910