8.8
CVE-2020-28373
- EPSS 0.11%
- Published 09.11.2020 22:15:13
- Last modified 21.11.2024 05:22:40
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136, R8500 V1.0.2.136, R7300DST V1.0.0.74, R7850 V1.0.5.64, R7900 V1.0.4.30, RAX20 V1.0.2.64, RAX80 V1.0.3.102, and R6250 V1.0.4.44.
Data is provided by the National Vulnerability Database (NVD)
Netgear ≫ R6400v2 Firmware Version1.0.4.102_10.0.75
Netgear ≫ R6400 Firmware Version1.0.1.62_1.0.41
Netgear ≫ R7000p Firmware Version1.3.2.126_10.1.66
Netgear ≫ Xr300 Firmware Version1.0.3.50_10.3.36
Netgear ≫ R8000 Firmware Version1.0.4.62
Netgear ≫ R8300 Firmware Version1.0.2.136
Netgear ≫ R8500 Firmware Version1.0.2.136
Netgear ≫ R7300dst Firmware Version1.0.0.74
Netgear ≫ R7850 Firmware Version1.0.5.64
Netgear ≫ R7900 Firmware Version1.0.4.30
Netgear ≫ Rax20 Firmware Version1.0.2.64
Netgear ≫ Rax80 Firmware Version1.0.3.102
Netgear ≫ R6250 Firmware Version1.0.4.44
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.263 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 8.3 | 6.5 | 10 |
AV:A/AC:L/Au:N/C:C/I:C/A:C
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.