CVE-2020-15417
First published: Tue Jul 28 2020(Updated: )
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. A crafted gui_region in a string table file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9756.
Credit: zdi-disclosures@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgear R6700 Firmware | =1.0.4.84_10.0.58 | |
| NETGEAR R6700 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-15417?
The severity of CVE-2020-15417 is medium with a severity value of 6.3.
How can network-adjacent attackers exploit CVE-2020-15417?
Network-adjacent attackers can exploit CVE-2020-15417 by executing arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers without authentication.
What is the affected software of CVE-2020-15417?
The affected software of CVE-2020-15417 is NETGEAR R6700 V1.0.4.84_10.0.58 routers running Netgear R6700 Firmware version 1.0.4.84_10.0.58.
What is the specific flaw in CVE-2020-15417?
The specific flaw in CVE-2020-15417 exists within the handling of string table file uploads.
Is authentication required to exploit CVE-2020-15417?
No, authentication is not required to exploit CVE-2020-15417.
- collector/nvd-index
- agent/weakness
- agent/type
- vendor/netgear
- canonical/netgear r6700 firmware
- version/netgear r6700 firmware/1.0.4.84_10.0.58
- canonical/netgear r6700