ID

VAR-202008-0653


CVE

CVE-2020-15636


TITLE

Stack-based buffer overflow vulnerability in multiple NETGEAR router software

Trust: 0.8

sources: JVNDB: JVNDB-2020-009641

DESCRIPTION

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the check_ra service. A crafted raePolicyVersion in a RAE_Policy.json file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Zero Day Initiative numbered this vulnerability ZDI-CAN-9852. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). NETGEAR R6400, etc. are all wireless routers from NETGEAR.

Trust: 2.79

sources: NVD: CVE-2020-15636 // JVNDB: JVNDB-2020-009641 // ZDI: ZDI-20-937 // CNVD: CNVD-2020-46224

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-46224

AFFECTED PRODUCTS

vendor: netgear, model: r6700, scope: -, version: -

Trust: 1.4

vendor: netgear, model: r6700, scope: lt, version: 1.0.4.98

Trust: 1.0

vendor: netgear, model: multiple routers, scope: -, version: -

Trust: 0.7

vendor: netgear, model: r6400, scope: -, version: -

Trust: 0.6

vendor: netgear, model: r7000, scope: -, version: -

Trust: 0.6

vendor: netgear, model: r7900, scope: -, version: -

Trust: 0.6

vendor: netgear, model: r8000, scope: -, version: -

Trust: 0.6

vendor: netgear, model: xr300, scope: -, version: -

Trust: 0.6

vendor: netgear, model: r6400 no, scope: -, version: -

Trust: 0.6

vendor: netgear, model: r7850, scope: -, version: -

Trust: 0.6

vendor: netgear, model: rs400, scope: -, version: -

Trust: 0.6

sources: ZDI: ZDI-20-937 // CNVD: CNVD-2020-46224 // JVNDB: JVNDB-2020-009641 // NVD: CVE-2020-15636

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-15636
value: CRITICAL

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2020-15636
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-009641
value: CRITICAL

Trust: 0.8

ZDI: CVE-2020-15636
value: HIGH

Trust: 0.7

CNVD: CNVD-2020-46224
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202008-120
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-15636
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009641
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-46224
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-15636
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2020-15636
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-009641
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-15636
baseSeverity: HIGH
baseScore: 8.1
vectorString: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-937 // CNVD: CNVD-2020-46224 // JVNDB: JVNDB-2020-009641 // CNNVD: CNNVD-202008-120 // NVD: CVE-2020-15636 // NVD: CVE-2020-15636

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.8

sources: JVNDB: JVNDB-2020-009641 // NVD: CVE-2020-15636

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-120

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202008-120

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009641

PATCH

title: Security Advisory for Pre-Authentication Stack Overflow on R6700v3, PSV-2020-0224
url: https://kb.netgear.com/000062128/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-R6700v3-PSV-2020-0224

Trust: 1.5

title: Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2020-46224)
url: https://www.cnvd.org.cn/patchInfo/show/230434

Trust: 0.6

title: Multiple NETGEAR Product Buffer Error Vulnerability Fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125444

Trust: 0.6

sources: ZDI: ZDI-20-937 // CNVD: CNVD-2020-46224 // JVNDB: JVNDB-2020-009641 // CNNVD: CNNVD-202008-120

EXTERNAL IDS

db: NVD, id: CVE-2020-15636

Trust: 3.7

db: ZDI, id: ZDI-20-937

Trust: 2.9

db: JVNDB, id: JVNDB-2020-009641

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-9852

Trust: 0.7

db: CNVD, id: CNVD-2020-46224

Trust: 0.6

db: NSFOCUS, id: 48319

Trust: 0.6

db: CNNVD, id: CNNVD-202008-120

Trust: 0.6

sources: ZDI: ZDI-20-937 // CNVD: CNVD-2020-46224 // JVNDB: JVNDB-2020-009641 // CNNVD: CNNVD-202008-120 // NVD: CVE-2020-15636

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-20-937/

Trust: 2.8

url:https://kb.netgear.com/000062128/security-advisory-for-pre-authentication-stack-overflow-on-r6700v3-psv-2020-0224

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-15636

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-15636

Trust: 0.8

url:http://www.nsfocus.net/vulndb/48319

Trust: 0.6

sources: ZDI: ZDI-20-937 // CNVD: CNVD-2020-46224 // JVNDB: JVNDB-2020-009641 // CNNVD: CNNVD-202008-120 // NVD: CVE-2020-15636

CREDITS

Pedro Ribeiro (@pedrib1337 | pedrib@gmail.com) and Radek Domanski (@RabbitPro | radek.domanski@gmail.com)

Trust: 0.7

sources: ZDI: ZDI-20-937

SOURCES

db: ZDI, id: ZDI-20-937
db: CNVD, id: CNVD-2020-46224
db: JVNDB, id: JVNDB-2020-009641
db: CNNVD, id: CNNVD-202008-120
db: NVD, id: CVE-2020-15636

LAST UPDATE DATE

2024-11-23T22:21:03.893000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-20-937, date: 2020-08-04T00:00:00
db: CNVD, id: CNVD-2020-46224, date: 2020-08-15T00:00:00
db: JVNDB, id: JVNDB-2020-009641, date: 2020-11-24T06:37:29
db: CNNVD, id: CNNVD-202008-120, date: 2020-09-02T00:00:00
db: NVD, id: CVE-2020-15636, date: 2024-11-21T05:05:54.917

SOURCES RELEASE DATE

db: ZDI, id: ZDI-20-937, date: 2020-08-04T00:00:00
db: CNVD, id: CNVD-2020-46224, date: 2020-08-15T00:00:00
db: JVNDB, id: JVNDB-2020-009641, date: 2020-11-24T06:37:29
db: CNNVD, id: CNNVD-202008-120, date: 2020-08-04T00:00:00
db: NVD, id: CVE-2020-15636, date: 2020-08-20T01:17:13.493