CVE-2020-28373

Published Nov 9, 2020

Last updated 4 years ago

CVSS high 8.8

Overview

Description: upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136, R8500 V1.0.2.136, R7300DST V1.0.0.74, R7850 V1.0.5.64, R7900 V1.0.4.30, RAX20 V1.0.2.64, RAX80 V1.0.3.102, and R6250 V1.0.4.44.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 8.3
Impact score: 10
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AFE6B3A8-0601-44EA-AD9B-3BDDE6654FDF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r6400v2_firmware:1.0.4.102_10.0.75:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C16283AA-DFC0-4EF2-BF42-88AFFDB0D8E0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r6400_firmware:1.0.1.62_1.0.41:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "843A546D-C3D0-4858-A0AB-06F0F9A5DF33"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r7000p_firmware:1.3.2.126_10.1.66:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A26AEB2E-E432-4C61-9669-DDAC4CC11A96"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5590CF28-B88A-4755-904B-1BC1778FBEDD"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:xr300_firmware:1.0.3.50_10.3.36:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E6D38C9-84B2-4689-A16D-5966B3024C25"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r8000_firmware:1.0.4.62:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3028F458-37EF-498E-95EA-C8788A8475CE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7A9B77E7-7439-48C6-989F-5E22CB4D3044"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r8300_firmware:1.0.2.136:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A195EB60-71AA-4A05-9D53-9BB343409177"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r8500_firmware:1.0.2.136:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBD5151F-400E-4243-AB62-41FAD8F01FD4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r7300dst:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C75148EB-DE6C-4C5C-BF34-4800A66CF11C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r7300dst_firmware:1.0.0.74:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CCA3A82-A539-4BBC-8259-2272C6062804"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r7850_firmware:1.0.5.64:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "195C9E56-FD44-4A47-A3E7-6045F3213687"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r7900_firmware:1.0.4.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBB8FC11-7AE0-418F-A9CD-1DC36642FECA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C484840F-AF30-4B5C-821A-4DB9BE407BDB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rax20_firmware:1.0.2.64:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A82C696-F75B-4E04-BFFB-772F96A7E3F7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rax80_firmware:1.0.3.102:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D03D6BF5-496F-48F3-96F5-2030587218EC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r6250_firmware:1.0.4.44:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCF2B639-61D2-4FD5-905C-90B883A396DF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "321BE843-52C4-4638-A321-439CA7B3A6F2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References