ID

VAR-202008-0652


CVE

CVE-2020-15635


TITLE

NETGEAR R6700 Stack-based buffer overflow vulnerability in router firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-009640

DESCRIPTION

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the acsd service, which listens on TCP port 5916 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9853. The Zero Day Initiative numbered this vulnerability ZDI-CAN-9853. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR R6700 is an AC1750 smart WiFi router.

Trust: 2.79

sources: NVD: CVE-2020-15635 // JVNDB: JVNDB-2020-009640 // ZDI: ZDI-20-936 // CNVD: CNVD-2020-46226

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-46226

AFFECTED PRODUCTS

vendor: netgear model: r6700 scope: lt version: 1.0.4.98

Trust: 1.6

vendor: netgear model: r6700 scope: eq version: 1.0.4.84_10.0.58

Trust: 0.8

vendor: netgear model: r6700 scope: - version: -

Trust: 0.7

sources: ZDI: ZDI-20-936 // CNVD: CNVD-2020-46226 // JVNDB: JVNDB-2020-009640 // NVD: CVE-2020-15635

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-15635
value: HIGH

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2020-15635
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-009640
value: HIGH

Trust: 0.8

ZDI: CVE-2020-15635
value: HIGH

Trust: 0.7

CNVD: CNVD-2020-46226
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202008-115
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-15635
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009640
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-46226
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-15635
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2020-15635
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-009640
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-15635
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-936 // CNVD: CNVD-2020-46226 // JVNDB: JVNDB-2020-009640 // CNNVD: CNNVD-202008-115 // NVD: CVE-2020-15635 // NVD: CVE-2020-15635

PROBLEMTYPE DATA

problemtype: CWE-121

Trust: 1.8

sources: JVNDB: JVNDB-2020-009640 // NVD: CVE-2020-15635

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202008-115

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202008-115

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009640

PATCH

title: Security Advisory for Pre-Authentication Buffer Overflow on R6700v3, PSV-2020-0202 url: https://kb.netgear.com/000062127/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-R6700v3-PSV-2020-0202

Trust: 1.5

title: Patch for NETGEAR R6700 stack buffer overflow vulnerability url: https://www.cnvd.org.cn/patchInfo/show/230440

Trust: 0.6

title: NETGEAR R6700 Buffer error vulnerability fix url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125439

Trust: 0.6

sources: ZDI: ZDI-20-936 // CNVD: CNVD-2020-46226 // JVNDB: JVNDB-2020-009640 // CNNVD: CNNVD-202008-115

EXTERNAL IDS

db: NVD id: CVE-2020-15635

Trust: 3.7

db: ZDI id: ZDI-20-936

Trust: 2.9

db: JVNDB id: JVNDB-2020-009640

Trust: 0.8

db: ZDI_CAN id: ZDI-CAN-9853

Trust: 0.7

db: CNVD id: CNVD-2020-46226

Trust: 0.6

db: CNNVD id: CNNVD-202008-115

Trust: 0.6

sources: ZDI: ZDI-20-936 // CNVD: CNVD-2020-46226 // JVNDB: JVNDB-2020-009640 // CNNVD: CNNVD-202008-115 // NVD: CVE-2020-15635

REFERENCES

url: https://www.zerodayinitiative.com/advisories/zdi-20-936/

Trust: 2.8

url: https://kb.netgear.com/000062127/security-advisory-for-pre-authentication-buffer-overflow-on-r6700v3-psv-2020-0202

Trust: 2.3

url: https://nvd.nist.gov/vuln/detail/cve-2020-15635

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-15635

Trust: 0.8

sources: ZDI: ZDI-20-936 // CNVD: CNVD-2020-46226 // JVNDB: JVNDB-2020-009640 // CNNVD: CNNVD-202008-115 // NVD: CVE-2020-15635

CREDITS

Pedro Ribeiro (@pedrib1337 | pedrib@gmail.com) and Radek Domanski (@RabbitPro | radek.domanski@gmail.com)

Trust: 0.7

sources: ZDI: ZDI-20-936

SOURCES

db: ZDI id: ZDI-20-936
db: CNVD id: CNVD-2020-46226
db: JVNDB id: JVNDB-2020-009640
db: CNNVD id: CNNVD-202008-115
db: NVD id: CVE-2020-15635

LAST UPDATE DATE

2024-11-23T23:04:17.122000+00:00


SOURCES UPDATE DATE

db: ZDI id: ZDI-20-936 date: 2020-08-04T00:00:00
db: CNVD id: CNVD-2020-46226 date: 2020-08-15T00:00:00
db: JVNDB id: JVNDB-2020-009640 date: 2020-11-24T06:37:28
db: CNNVD id: CNNVD-202008-115 date: 2020-08-25T00:00:00
db: NVD id: CVE-2020-15635 date: 2024-11-21T05:05:54.777

SOURCES RELEASE DATE

db: ZDI id: ZDI-20-936 date: 2020-08-04T00:00:00
db: CNVD id: CNVD-2020-46226 date: 2020-08-15T00:00:00
db: JVNDB id: JVNDB-2020-009640 date: 2020-11-24T06:37:28
db: CNNVD id: CNNVD-202008-115 date: 2020-08-04T00:00:00
db: NVD id: CVE-2020-15635 date: 2020-08-20T01:17:13.337