6.5

CVE-2020-28041

Exploit

EPSS 1.07%
Published 02.11.2020 21:15:31
Last modified 21.11.2024 05:22:15
Source cve@mitre.org
Teams watchlist Login
Open Login

The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs because the ALG takes action based on an IP packet with an initial REGISTER substring in the TCP data, and the correct intranet IP address in the subsequent Via header, without properly considering that connection progress and fragmentation affect the meaning of the packet data.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Netgear ≫ Nighthawk R7000 Firmware Version1.0.9.64_10.2.64

Netgear ≫ Nighthawk R7000 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.07%	0.767

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://github.com/samyk/slipstream

Third Party Advisory

https://news.ycombinator.com/item?id=24956616

Third Party Advisory

Exploit

https://news.ycombinator.com/item?id=24958281

Third Party Advisory

Exploit

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0024

Third Party Advisory

https://samy.pl/slipstream/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-28041

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-28041

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-28041

EUVD