CVE-2020-35787

Published: Dec 30, 2020Modified: Nov 21, 2024

8.0

Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: NVD

Description

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000 before 1.0.1.78, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.40.

Affected (28)

Products: Netgear: D3600 Firmware, D6000 Firmware, D6200 Firmware, D7000 Firmware, Ex6200 Firmware, Ex7000 Firmware, Ex8000 Firmware, Jr6150 Firmware, Pr2000 Firmware, R6020 Firmware, R6050 Firmware, R6080 Firmware, R6120 Firmware, R6220 Firmware, R6260 Firmware, R6300 Firmware, R6700 Firmware, R6800 Firmware, R6900 Firmware, R6900p Firmware, R7000 Firmware, R7000p Firmware, R7800 Firmware, R8900 Firmware, R9000 Firmware, Xr500 Firmware

26 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D3600 Firmware	Before 1.0.0.76

Running on/with	Platform Versions
Netgear D3600	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D6000 Firmware	Before 1.0.0.76

Running on/with	Platform Versions
Netgear D6000	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D6200 Firmware	Before 1.1.00.36

Running on/with	Platform Versions
Netgear D6200	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D7000 Firmware	Before 1.0.1.70

Running on/with	Platform Versions
Netgear D7000	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6200 Firmware	Before 1.0.1.78

Running on/with	Platform Versions
Netgear Ex6200	Version v2

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex7000 Firmware	Before 1.0.1.78

Running on/with	Platform Versions
Netgear Ex7000	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex8000 Firmware	Before 1.0.1.186

Running on/with	Platform Versions
Netgear Ex8000	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Jr6150 Firmware	Before 1.0.1.18

Running on/with	Platform Versions
Netgear Jr6150	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Pr2000 Firmware	Before 1.0.0.28

Running on/with	Platform Versions
Netgear Pr2000	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6020 Firmware	Before 1.0.0.42

Running on/with	Platform Versions
Netgear R6020	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6050 Firmware	Before 1.0.1.18

Running on/with	Platform Versions
Netgear R6050	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6080 Firmware	Before 1.0.0.42

Running on/with	Platform Versions
Netgear R6080	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6120 Firmware	Before 1.0.0.46

Running on/with	Platform Versions
Netgear R6120	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6220 Firmware	Before 1.1.0.80

Running on/with	Platform Versions
Netgear R6220	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6260 Firmware	Before 1.1.0.64

Running on/with	Platform Versions
Netgear R6260	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6300 Firmware	Before 1.0.4.34

Running on/with	Platform Versions
Netgear R6300	Version v2

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6700 Firmware	Before 1.0.2.6

Running on/with	Platform Versions
Netgear R6700	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6700 Firmware	Before 1.2.0.36

Running on/with	Platform Versions
Netgear R6700	Version v2

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6800 Firmware	Before 1.2.0.36

Running on/with	Platform Versions
Netgear R6800	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6900 Firmware	Before 1.0.2.4

Running on/with	Platform Versions
Netgear R6900	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6900p Firmware	Before 1.3.1.64

Running on/with	Platform Versions
Netgear R6900p	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6900 Firmware	Before 1.2.0.36

Running on/with	Platform Versions
Netgear R6900	Version v2

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7000 Firmware	Before 1.0.9.42

Running on/with	Platform Versions
Netgear R7000	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7000p Firmware	Before 1.3.1.64

Running on/with	Platform Versions
Netgear R7000p	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7800 Firmware	Before 1.0.2.60

Running on/with	Platform Versions
Netgear R7800	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R8900 Firmware	Before 1.0.4.12

Running on/with	Platform Versions
Netgear R8900	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R9000 Firmware	Before 1.0.4.12

Running on/with	Platform Versions
Netgear R9000	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Xr500 Firmware	Before 2.3.2.40

Running on/with	Platform Versions
Netgear Xr500	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://kb.netgear.com/000062710/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-and-Range-Extenders-PSV-2018-0379

Source: cve@mitre.org

Vendor Advisory

https://kb.netgear.com/000062710/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-and-Range-Extenders-PSV-2018-0379

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.