Stack-based Buffer Overflow in NETGEAR Routers
CVE-2020-15636

8.1 HIGH

Key Information:

Vendor: Netgear
CVE Published: 20 August 2020

Summary

This vulnerability in NETGEAR routers is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. The flaw is in the check_ra service and is triggered when it processes the RAE_PolicyVersion in a malicious RAE_Policy.json file. Attackers can exploit this flaw without authentication, gaining root access and control over the device. This affects multiple models including R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 with specific firmware versions.

Affected Version(s)

Multiple Routers 1.0.4.84_10.0.58

EPSS Score

41% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pedro Ribeiro (@pedrib1337) and Radek Domanski (@RabbitPro).