Stack-Based Buffer Overflow Vulnerability in Belkin LINKSYS WRT160NL Router
CVE-2020-26561

8.8HIGH

Key Information:

Vendor: Belkin
Status: Linksys Wrt 160nl Firmware
Vendor: CVE Published:; 23 October 2020

What is CVE-2020-26561?

The Belkin LINKSYS WRT160NL router is vulnerable to a stack-based buffer overflow due to improper handling of input in the mini_httpd service, specifically in the create_dir function. This flaw can allow an attacker to execute arbitrary code, which could compromise the device's integrity. It's important to note that this vulnerability affects versions of the device that are no longer maintained, posing a significant risk to users operating outdated firmware.

References

https://research.nccgroup.com/2020/10/20/wrt160nl-cve-202...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2020
Vulnerability Reserved
Oct 4, 2020