Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-10923

CWE-3054 documents4 sources
Severity
8.8HIGH
EPSS
50.2%
top 2.17%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Netgear R6700Netgear R6700 Firmware
Timeline
PublishedJul 28
Latest updateMay 24

Description

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5netgear/r6700V1.0.4.84_10.0.58
NVDnetgear/r6700_firmware1.0.4.84_10.0.58

🔴Vulnerability Details

2
GHSA
GHSA-p845-8rw7-6wm9: This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V12022-05-24
CVEList
CVE-2020-10923: This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V12020-07-28

💥Exploits & PoCs

1
Metasploit
Netgear R6700v3 Unauthenticated LAN Admin Password Reset
CVE-2020-10923 (HIGH CVSS 8.8) | This vulnerability allows network-a | cvebase.io