CVE-2020-28041

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs because the ALG takes action based on an IP packet with an initial REGISTER substring in the TCP data, and the correct intranet IP address in the subsequent Via header, without properly considering that connection progress and fragmentation affect the meaning of the packet data.

La implementación de SIP ALG en dispositivos NETGEAR Nighthawk R7000 versión 1.0.9.64_10.2.64, permite a atacantes remotos comunicarse con servicios TCP y UDP arbitrarios en la máquina de la intranet de la víctima, si la víctima visita un sitio web controlado por un atacante con un navegador moderno, también conocido como NAT Slipstreaming . Esto ocurre porque el ALG toma acción en base a un paquete IP con una subcadena REGISTER inicial en los datos TCP y la dirección IP de intranet correcta en el encabezado Via subsiguiente, sin considerar apropiadamente que el progreso de la conexión y la fragmentación afectan el significado de los datos del paquete

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-11-01 CVE Reserved
2020-11-01 CVE Published
2024-07-19 EPSS Updated
2024-08-04 CVE Updated
2024-08-04 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-276: Incorrect Default Permissions

CAPEC

References (5)

URL	Tag	Source
https://github.com/samyk/slipstream	Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0024	Third Party Advisory

URL	Date	SRC
https://news.ycombinator.com/item?id=24956616	2024-08-04
https://news.ycombinator.com/item?id=24958281	2024-08-04
https://samy.pl/slipstream	2024-08-04

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Netgear Search vendor "Netgear"	Nighthawk R7000 Firmware Search vendor "Netgear" for product "Nighthawk R7000 Firmware"	1.0.9.64_10.2.64 Search vendor "Netgear" for product "Nighthawk R7000 Firmware" and version "1.0.9.64_10.2.64"	-	Affected	in	Netgear Search vendor "Netgear"	Nighthawk R7000 Search vendor "Netgear" for product "Nighthawk R7000"	-	-	Safe