Vulnerability 198098 - CERT Civis.Net

Vulnerability Name:

CCN-198098

Published:

2020-12-23

Updated:

2020-12-23

Summary:

NETGEAR Routers, Range Extenders, and Orbi WiFi Systems are vulnerable to a pre-authentication buffer overflow, caused by improper bounds checking. By sending a specially crafted request, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVSS v3 Severity:

8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

8.3 High (CCN CVSS v2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: NETGEAR Web site
NETGEAR: Networking Products Made For You

Source: XF
Type: UNKNOWN
netgear-routersextender-bo(198098)

Source: CCN
Type: NETGEAR Security Advisory: PSV-2020-0129
Security Advisory for Pre-Authentication Buffer Overflow on Some Routers Range Extenders, and Orbi WiFi Systems

Vulnerable Configuration:

Configuration CCN 1:

cpe:/h:netgear:r7000:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:r6220:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:r7800:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:r6120:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:r8000:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:r6350:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:r6400:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:r6400:v2:*:*:*:*:*:*:*

OR cpe:/h:netgear:rbr20:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:r6800:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:xr300:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:r6850:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:xr500:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:rbr750:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:rbs750:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:rbk842:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:rbr840:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:rbr850:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:rbs850:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:r6260:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:cbr40:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:rbk852:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:r6700:v2:*:*:*:*:*:*:*

OR cpe:/h:netgear:ac2100:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:ac2400:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:ac2600:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:r7450:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:r6230:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:rbs20:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:rbs40:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:xr450:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:r7100lg:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:r6700:v3:*:*:*:*:*:*:*

OR cpe:/h:netgear:xr700:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:r7400:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:r6330:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:ex6250:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:r7900:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:r7960p:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:rax15:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:rax20:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:rax45:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:rax50:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:rax75:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:rax80:-:*:*:*:*:*:*:*

OR cpe:/h:netgear:cbk40:-:*:*:*:*:*:*:*

Denotes that component is vulnerable