Vulnerability Details : CVE-2020-10923
Public exploit exists!
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642.
Vulnerability category: Execute code
Products affected by CVE-2020-10923
- cpe:2.3:o:netgear:r6700_firmware:1.0.4.84_10.0.58:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-10923
- EPSS score: 0.08% (probability of exploitation activity in the next 30 days)
- Percentile: ~32% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2020-10923
- Netgear R6700v3 Unauthenticated LAN Admin Password Reset
  Disclosure Date: 2020-06-15
  First seen: 2020-07-01
  Module: auxiliary/admin/http/netgear_r6700_pass_reset
  This module targets ZDI-20-704 (aka CVE-2020-10924), a buffer overflow vulnerability in the UPNP daemon (/usr/sbin/upnpd), on Netgear R6700v3 routers running firmware versions from V1.0.2.62 up to but not including V1.0.4.94, to reset the password for the 'admin' user.
CVSS scores for CVE-2020-10923
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.3 | HIGH | AV:A/AC:L/Au:N/C:C/I:C/A:C | 6.5 | 10.0 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | Zero Day Initiative | |
8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2020-10923
- The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
  Assigned by: zdi-disclosures@trendmicro.com (Primary)
References for CVE-2020-10923
- https://www.zerodayinitiative.com/advisories/ZDI-20-703/
  ZDI-20-703 | Zero Day Initiative (Third Party Advisory; VDB Entry)