First published: Thu Aug 20 2020(Updated: )
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of the web server.
Credit: zdi-disclosures@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
NETGEAR R6700 | ||
Netgear R6700 Firmware | <1.0.4.98 | |
NETGEAR R6700 | =v3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-15634 is a vulnerability in NETGEAR R6700 routers that allows network-adjacent attackers to execute arbitrary code.
Attackers can exploit CVE-2020-15634 by uploading a malicious string table file.
No, authentication is not required to exploit CVE-2020-15634.
CVE-2020-15634 has a severity rating of 6.3 (Medium).
To fix CVE-2020-15634, you should update the firmware of your NETGEAR R6700 router to version 1.0.4.98 or later.