What is the severity of CVE-2020-28041?

CVE-2020-28041 is considered a critical vulnerability due to its potential to allow remote attackers to exploit internal networks.

How do I fix CVE-2020-28041?

To mitigate CVE-2020-28041, update the firmware of your NETGEAR Nighthawk R7000 device to the latest version.

What type of devices are affected by CVE-2020-28041?

CVE-2020-28041 affects NETGEAR Nighthawk R7000 devices running firmware version 1.0.9.64_10.2.64.

Can CVE-2020-28041 be exploited remotely?

Yes, CVE-2020-28041 can be exploited remotely if the victim navigates to a malicious website.

What is NAT Slipstreaming in the context of CVE-2020-28041?

NAT Slipstreaming in CVE-2020-28041 refers to the technique that allows attackers to bypass firewall protection and access internal services.

Vulnerability/
CVE-2020-28041

medium

6.5

CWE

276

1/11/2020

4/8/2024

CVE-2020-28041

First published: Sun Nov 01 2020(Updated: )

The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs because the ALG takes action based on an IP packet with an initial REGISTER substring in the TCP data, and the correct intranet IP address in the subsequent Via header, without properly considering that connection progress and fragmentation affect the meaning of the packet data.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Netgear Nighthawk R7000 Firmware	=1.0.9.64_10.2.64
Netgear Nighthawk R7000 Firmware

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-28041?
CVE-2020-28041 is considered a critical vulnerability due to its potential to allow remote attackers to exploit internal networks.
How do I fix CVE-2020-28041?
To mitigate CVE-2020-28041, update the firmware of your NETGEAR Nighthawk R7000 device to the latest version.
What type of devices are affected by CVE-2020-28041?
CVE-2020-28041 affects NETGEAR Nighthawk R7000 devices running firmware version 1.0.9.64_10.2.64.
Can CVE-2020-28041 be exploited remotely?
Yes, CVE-2020-28041 can be exploited remotely if the victim navigates to a malicious website.
What is NAT Slipstreaming in the context of CVE-2020-28041?
NAT Slipstreaming in CVE-2020-28041 refers to the technique that allows attackers to bypass firewall protection and access internal services.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/references
agent/weakness
agent/author
agent/event
agent/description
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/netgear
canonical/netgear nighthawk r7000 firmware
version/netgear nighthawk r7000 firmware/1.0.9.64_10.2.64

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.