CVE-2020-28041

6.5MEDIUM

Key Information:

Vendor
Netgear
Status
Nighthawk R7000 Firmware
Vendor
CVE Published:
2 November 2020

Summary

The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs because the ALG takes action based on an IP packet with an initial REGISTER substring in the TCP data, and the correct intranet IP address in the subsequent Via header, without properly considering that connection progress and fragmentation affect the meaning of the packet data.

References

https://news.ycombinator.com/item?id=24956616
x_refsource_MISC
https://samy.pl/slipstream/
x_refsource_MISC
https://github.com/samyk/slipstream
x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.