CVE-2020-28373
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136, R8500 V1.0.2.136, R7300DST V1.0.0.74, R7850 V1.0.5.64, R7900 V1.0.4.30, RAX20 V1.0.2.64, RAX80 V1.0.3.102, and R6250 V1.0.4.44.
Timeline
- 2020-11-09 CVE Reserved
- 2020-11-09 CVE Published
- 2023-10-16 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
References (1)
URL | Tag | Source |
---|---|---|
https://github.com/cpeggg/Netgear-upnpd-poc | Broken Link |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Netgear | R6400v2 Firmware | 1.0.4.102_10.0.75 | - | Affected | in | Netgear | R6400v2 | - | - | Safe |
Netgear | R6400 Firmware | 1.0.1.62_1.0.41 | - | Affected | in | Netgear | R6400 | - | - | Safe |
Netgear | R7000p Firmware | 1.3.2.126_10.1.66 | - | Affected | in | Netgear | R7000p | - | - | Safe |
Netgear | Xr300 Firmware | 1.0.3.50_10.3.36 | - | Affected | in | Netgear | Xr300 | - | - | Safe |
Netgear | R8000 Firmware | 1.0.4.62 | - | Affected | in | Netgear | R8000 | - | - | Safe |
Netgear | R8300 Firmware | 1.0.2.136 | - | Affected | in | Netgear | R8300 | - | - | Safe |
Netgear | R8500 Firmware | 1.0.2.136 | - | Affected | in | Netgear | R8500 | - | - | Safe |
Netgear | R7300dst Firmware | 1.0.0.74 | - | Affected | in | Netgear | R7300dst | - | - | Safe |
Netgear | R7850 Firmware | 1.0.5.64 | - | Affected | in | Netgear | R7850 | - | - | Safe |
Netgear | R7900 Firmware | 1.0.4.30 | - | Affected | in | Netgear | R7900 | - | - | Safe |
Netgear | Rax20 Firmware | 1.0.2.64 | - | Affected | in | Netgear | Rax20 | - | - | Safe |
Netgear | Rax80 Firmware | 1.0.3.102 | - | Affected | in | Netgear | Rax80 | - | - | Safe |
Netgear | R6250 Firmware | 1.0.4.44 | - | Affected | in | Netgear | R6250 | - | - | Safe |