CVE-2020-27866 – NETGEAR Multiple Routers mini_httpd Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-27866
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. • https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers https://www.zerodayinitiative.com/advisories/ZDI-20-1451 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2020-26927
https://notcve.org/view.php?id=CVE-2020-26927
Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.66, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, AC2600 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. Determinados dispositivos NETGEAR, están afectados por una omisión de autenticación. Esto afecta a D6200 versiones anteriores a 1.1.00.40, D7000 versiones anteriores a 1.0.1.78, R6020 versiones anteriores a 1.0.0.42, R6080 versiones anteriores a 1.0.0.42, R6050 versiones anteriores a 1.0.1.26, JR6150 versiones anteriores a 1.0.1.26, R6120 versiones anteriores a 1.0.0.66, R6220 versiones anteriores a 1.1.0.100, R6260 versiones anteriores a 1.1.0.66, R6700v2 versiones anteriores a 1.2.0.62, R6800 versiones anteriores a 1.2.0.62, R6900v2 versiones anteriores a 1.2.0.62, AC2100 versiones anteriores a 1.2.0.62, AC2400 versiones anteriores a 1.2.0.62, AC2600 versiones anteriores a 1.2.0.62, R7450 versiones anteriores a 1.2.0.62 y WNR2020 versiones anteriores a 1.1.0.62 • https://kb.netgear.com/000062325/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2019-0109 •
CVE-2020-15636 – NETGEAR Multiple Routers check_ra Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-15636
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the check_ra service. A crafted raePolicyVersion in a RAE_Policy.json file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://kb.netgear.com/000062128/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-R6700v3-PSV-2020-0224 https://www.zerodayinitiative.com/advisories/ZDI-20-937 • CWE-121: Stack-based Buffer Overflow •
CVE-2020-15634 – NETGEAR R6700 httpd strtblupgrade Format String Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-15634
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of the web server. • https://kb.netgear.com/000062126/Security-Advisory-for-Pre-Authentication-Command-Injection-on-R6700v3-PSV-2020-0189 https://www.zerodayinitiative.com/advisories/ZDI-20-935 • CWE-134: Use of Externally-Controlled Format String •
CVE-2020-15635 – NETGEAR R6700 acsd Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-15635
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the acsd service, which listens on TCP port 5916 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. • https://kb.netgear.com/000062127/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-R6700v3-PSV-2020-0202 https://www.zerodayinitiative.com/advisories/ZDI-20-936 • CWE-121: Stack-based Buffer Overflow •