From ce22ac60836657faf67a35809488b2a6d934ece2 Mon Sep 17 00:00:00 2001 From: zdi-team Date: Wed, 22 Jul 2020 18:44:04 -0500 Subject: [PATCH] ZDI assigns the following CVEs: M 2020/10xxx/CVE-2020-10923.json M 2020/10xxx/CVE-2020-10924.json M 2020/10xxx/CVE-2020-10925.json M 2020/10xxx/CVE-2020-10926.json M 2020/10xxx/CVE-2020-10927.json M 2020/10xxx/CVE-2020-10928.json M 2020/10xxx/CVE-2020-10929.json M 2020/10xxx/CVE-2020-10930.json M 2020/15xxx/CVE-2020-15416.json M 2020/15xxx/CVE-2020-15417.json --- 2020/10xxx/CVE-2020-10923.json | 81 +++++++++++++++++++++++++++------- 2020/10xxx/CVE-2020-10924.json | 81 +++++++++++++++++++++++++++------- 2020/10xxx/CVE-2020-10925.json | 81 +++++++++++++++++++++++++++------- 2020/10xxx/CVE-2020-10926.json | 81 +++++++++++++++++++++++++++------- 2020/10xxx/CVE-2020-10927.json | 81 +++++++++++++++++++++++++++------- 2020/10xxx/CVE-2020-10928.json | 81 +++++++++++++++++++++++++++------- 2020/10xxx/CVE-2020-10929.json | 81 +++++++++++++++++++++++++++------- 2020/10xxx/CVE-2020-10930.json | 81 +++++++++++++++++++++++++++------- 2020/15xxx/CVE-2020-15416.json | 81 +++++++++++++++++++++++++++------- 2020/15xxx/CVE-2020-15417.json | 81 +++++++++++++++++++++++++++------- 10 files changed, 650 insertions(+), 160 deletions(-) diff --git a/2020/10xxx/CVE-2020-10923.json b/2020/10xxx/CVE-2020-10923.json index 37c5f4f1f7b..27409bb28d8 100644 --- a/2020/10xxx/CVE-2020-10923.json +++ b/2020/10xxx/CVE-2020-10923.json @@ -1,18 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-10923", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2020-10923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "R6700", + "version": { + "version_data": [ + { + "version_value": "V1.0.4.84_10.0.58" + } + ] + } + } + ] + }, + "vendor_name": "NETGEAR" + } + ] } -} \ No newline at end of file + }, + "credit": "Pedro Ribeiro and Radek Domanski of Team Flashback", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-305: Authentication Bypass by Primary Weakness" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-703/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + } +} diff --git a/2020/10xxx/CVE-2020-10924.json b/2020/10xxx/CVE-2020-10924.json index 0030c35c667..b34380aa483 100644 --- a/2020/10xxx/CVE-2020-10924.json +++ b/2020/10xxx/CVE-2020-10924.json @@ -1,18 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-10924", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2020-10924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "R6700", + "version": { + "version_data": [ + { + "version_value": "V1.0.4.84_10.0.58" + } + ] + } + } + ] + }, + "vendor_name": "NETGEAR" + } + ] } -} \ No newline at end of file + }, + "credit": "Pedro Ribeiro and Radek Domanski of Team Flashback", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9643." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-704/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + } +} diff --git a/2020/10xxx/CVE-2020-10925.json b/2020/10xxx/CVE-2020-10925.json index 77c808186ad..35ed5483a9a 100644 --- a/2020/10xxx/CVE-2020-10925.json +++ b/2020/10xxx/CVE-2020-10925.json @@ -1,18 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-10925", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2020-10925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "R6700", + "version": { + "version_data": [ + { + "version_value": "V1.0.4.84_10.0.58" + } + ] + } + } + ] + }, + "vendor_name": "NETGEAR" + } + ] } -} \ No newline at end of file + }, + "credit": "Pedro Ribeiro and Radek Domanski of Team Flashback", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9647." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295: Improper Certificate Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-705/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + } +} diff --git a/2020/10xxx/CVE-2020-10926.json b/2020/10xxx/CVE-2020-10926.json index f97c3fc8a84..8dfe51e3568 100644 --- a/2020/10xxx/CVE-2020-10926.json +++ b/2020/10xxx/CVE-2020-10926.json @@ -1,18 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-10926", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2020-10926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "R6700", + "version": { + "version_data": [ + { + "version_value": "V1.0.4.84_10.0.58" + } + ] + } + } + ] + }, + "vendor_name": "NETGEAR" + } + ] } -} \ No newline at end of file + }, + "credit": "Pedro Ribeiro and Radek Domanski of Team Flashback", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of firmware updates. The issue results from the lack of proper validation of the firmware image prior to performing an upgrade. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9648." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-494: Download of Code Without Integrity Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-706/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + } +} diff --git a/2020/10xxx/CVE-2020-10927.json b/2020/10xxx/CVE-2020-10927.json index c138847246b..0e68fc3a337 100644 --- a/2020/10xxx/CVE-2020-10927.json +++ b/2020/10xxx/CVE-2020-10927.json @@ -1,18 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-10927", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2020-10927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "R6700", + "version": { + "version_data": [ + { + "version_value": "V1.0.4.84_10.0.58" + } + ] + } + } + ] + }, + "vendor_name": "NETGEAR" + } + ] } -} \ No newline at end of file + }, + "credit": "Pedro Ribeiro and Radek Domanski of Team Flashback", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the encryption of firmware update images. The issue results from the use of an inappropriate encryption algorithm. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9649." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-707/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + } +} diff --git a/2020/10xxx/CVE-2020-10928.json b/2020/10xxx/CVE-2020-10928.json index cb5e17294c5..499269867a3 100644 --- a/2020/10xxx/CVE-2020-10928.json +++ b/2020/10xxx/CVE-2020-10928.json @@ -1,18 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-10928", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2020-10928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "R6700", + "version": { + "version_data": [ + { + "version_value": "V1.0.4.84_10.0.58" + } + ] + } + } + ] + }, + "vendor_name": "NETGEAR" + } + ] } -} \ No newline at end of file + }, + "credit": "d4rkn3ss from VNPT ISC", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9767." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-708/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + } +} diff --git a/2020/10xxx/CVE-2020-10929.json b/2020/10xxx/CVE-2020-10929.json index 24b3dcaaed0..7a409ccbec8 100644 --- a/2020/10xxx/CVE-2020-10929.json +++ b/2020/10xxx/CVE-2020-10929.json @@ -1,18 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-10929", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2020-10929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "R6700", + "version": { + "version_data": [ + { + "version_value": "V1.0.4.84_10.0.58" + } + ] + } + } + ] + }, + "vendor_name": "NETGEAR" + } + ] } -} \ No newline at end of file + }, + "credit": "d4rkn3ss from VNPT ISC", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9768." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-680: Integer Overflow to Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-709/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + } +} diff --git a/2020/10xxx/CVE-2020-10930.json b/2020/10xxx/CVE-2020-10930.json index 77552aa5597..02b6ba17f8d 100644 --- a/2020/10xxx/CVE-2020-10930.json +++ b/2020/10xxx/CVE-2020-10930.json @@ -1,18 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-10930", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2020-10930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "R6700", + "version": { + "version_data": [ + { + "version_value": "V1.0.4.84_10.0.58" + } + ] + } + } + ] + }, + "vendor_name": "NETGEAR" + } + ] } -} \ No newline at end of file + }, + "credit": "d4rkn3ss from VNPT ISC", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of URLs. The issue results from the lack of proper routing of URLs. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-9618." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-711/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + } +} diff --git a/2020/15xxx/CVE-2020-15416.json b/2020/15xxx/CVE-2020-15416.json index 1004b8dae3e..68c978bb570 100644 --- a/2020/15xxx/CVE-2020-15416.json +++ b/2020/15xxx/CVE-2020-15416.json @@ -1,18 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-15416", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2020-15416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "R6700", + "version": { + "version_data": [ + { + "version_value": "V1.0.4.84_10.0.58" + } + ] + } + } + ] + }, + "vendor_name": "NETGEAR" + } + ] } -} \ No newline at end of file + }, + "credit": "d4rkn3ss from VNPT ISC", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9703." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-712/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + } +} diff --git a/2020/15xxx/CVE-2020-15417.json b/2020/15xxx/CVE-2020-15417.json index 2c84f747f19..51f5cbbf9f2 100644 --- a/2020/15xxx/CVE-2020-15417.json +++ b/2020/15xxx/CVE-2020-15417.json @@ -1,18 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-15417", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2020-15417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "R6700", + "version": { + "version_data": [ + { + "version_value": "V1.0.4.84_10.0.58" + } + ] + } + } + ] + }, + "vendor_name": "NETGEAR" + } + ] } -} \ No newline at end of file + }, + "credit": "d4rkn3ss from VNPT ISC", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of string table file uploads. A crafted gui_region in a string table file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9756." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-713/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "version": "3.0" + } + } +}