Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-10924

CWE-121Stack-based Buffer Overflow4 documents4 sources
Severity
8.8HIGH
EPSS
48.7%
top 2.24%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Netgear R6700Netgear R6700 Firmware
Timeline
PublishedJul 28
Latest updateMay 24

Description

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-bas

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5netgear/r6700V1.0.4.84_10.0.58
NVDnetgear/r6700_firmware1.0.4.84_10.0.58

🔴Vulnerability Details

2
GHSA
GHSA-j8cv-gf68-463p: This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V12022-05-24
CVEList
CVE-2020-10924: This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V12020-07-28

💥Exploits & PoCs

1
Metasploit
Netgear R6700v3 Unauthenticated LAN Admin Password Reset
CVE-2020-10924 (HIGH CVSS 8.8) | This vulnerability allows network-a | cvebase.io