Arbitrary Code Execution Vulnerability in NETGEAR R6700 Routers
CVE-2020-15634

6.3MEDIUM

Key Information:

Vendor: Netgear
Status: R6700
Vendor: CVE Published:; 20 August 2020

Summary

This vulnerability exists in the NETGEAR R6700 router, where network-adjacent attackers can execute arbitrary code due to improper validation of user-supplied input during string table file uploads. No authentication is required to exploit this flaw, making it particularly concerning for users with vulnerable firmware versions. An attacker exploiting this weakness can execute malicious commands in the context of the web server, potentially compromising the device and its network security.

Affected Version(s)

R6700 1.0.4.84_10.0.58

References

https://www.zerodayinitiative.com/advisories/ZDI-20-935/

x_refsource_MISC

https://kb.netgear.com/000062126/Security-Advisory-for-Pr...

x_refsource_MISC

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 20, 2020
Vulnerability Reserved
Jul 7, 2020

Credit

d4rkn3ss from VNPT ISC