Vulnerabilites related to netgear - wn3500rp
var-201505-0408
Vulnerability from variot
Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers to execute arbitrary code by providing a long computer name in a session on TCP port 20005. KCodes NetUSB is vulnerable to a buffer overflow via the network that may result in a denial of service or code execution. KCodes NetUSB The kernel driver contains a buffer overflow vulnerability. KCodes NetUSB Is Linux Connected to base embedded devices (home router products, etc.) USB Share devices on the network "USB over IP" To realize the function, Linux Kernel module. Buffer overflow (CWE-120) - CVE-2015-3036 http://cwe.mitre.org/data/definitions/120.html The client NetUSB The data to send when connecting to the server NetUSB A buffer overflow can occur because the kernel driver does not validate properly. For more information SEC Consult Please check the advisory for. SEC Consult Vulnerability Lab Security Advisory < 20150519-0 > https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150519-0_KCodes_NetUSB_Kernel_Stack_Buffer_Overflow_v10.txt In addition, National Vulnerability Database (NVD) Then CWE-119 It is published as CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer ( Buffer error ) http://cwe.mitre.org/data/definitions/119.htmlAn attacker on the local network caused a buffer overflow, resulting in a denial of service operation (DoS) An attacker may be able to attack or execute arbitrary code. Depending on the default settings of the device, a remote attack may be possible. KCodes NetUSB is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. SEC Consult Vulnerability Lab Security Advisory < 20150519-0 > ======================================================================= title: Kernel Stack Buffer Overflow product: KCodes NetUSB vulnerable version: see Vulnerable / tested versions fixed version: see Solution CVE number: CVE-2015-3036, VU#177092 impact: Critical homepage: http://www.kcodes.com/ found: 2015-02-23 by: Stefan Viehböck (Office Vienna) SEC Consult Vulnerability Lab
An integrated part of SEC Consult
Berlin - Frankfurt/Main - Montreal - Singapore
Vienna (HQ) - Vilnius - Zurich
https://www.sec-consult.com
=======================================================================
Vendor description:
"The world's premier technology provider of mobile printing, audio and video communication, file sharing, and USB applications for iPhones, iPads, smart phones and tablets (Android and Windows), MacBooks, and Ultrabooks."
Source: http://www.kcodes.com/
Vulnerability overview/description:
NetUSB suffers from a remotely exploitable kernel stack buffer overflow. Because of insufficient input validation, an overly long computer name can be used to overflow the "computer name" kernel stack buffer. This results in memory corruption which can be turned into arbitrary remote code execution.
Furthermore, a more detailed summary of this advisory has been published at our blog: http://blog.sec-consult.com
Proof of concept:
Below is an excerpt from the vulnerable run_init_sbus() function (pseudo code):
int computername_len; char computername_buf[64]; // connection initiation, handshake len = ks_recv(sock, &computername_len, 4, 0); // ... len = ks_recv(sock, computername_buf, computername_len, 0); // boom!
A proof of concept "netusb_bof.py" has been developed which exploits the vulnerability. The PoC DoS exploit will not be published as many vendors did not patch the vulnerability yet.
Example use that results in denial-of-service (kernel memory corruption that results in a device reboot): ./netusb_bof.py 192.168.1.1 20005 500
Vulnerable / tested versions:
The vulnerability has been verified to exist in most recent firmware versions of the following devives:
TP-Link TL-WDR4300 V1 TP-Link WR1043ND v2 NETGEAR WNDR4500
Furthermore we've identified NetUSB in the most recent firmware version of the following products (list is not necessarily complete!): D-Link DIR-615 C NETGEAR AC1450 NETGEAR CENTRIA (WNDR4700/4720) NETGEAR D6100 NETGEAR D6200 NETGEAR D6300 NETGEAR D6400 NETGEAR DC112A NETGEAR DC112A (Zain) NETGEAR DGND4000 NETGEAR EX6200 NETGEAR EX7000 NETGEAR JNR3000 NETGEAR JNR3210 NETGEAR JR6150 NETGEAR LG6100D NETGEAR PR2000 NETGEAR R6050 NETGEAR R6100 NETGEAR R6200 NETGEAR R6200v2 NETGEAR R6220 NETGEAR R6250 NETGEAR R6300v1 NETGEAR R6300v2 NETGEAR R6700 NETGEAR R7000 NETGEAR R7500 NETGEAR R7900 NETGEAR R8000 NETGEAR WN3500RP NETGEAR WNDR3700v5 NETGEAR WNDR4300 NETGEAR WNDR4300v2 NETGEAR WNDR4500 NETGEAR WNDR4500v2 NETGEAR WNDR4500v3 NETGEAR XAU2511 NETGEAR XAUB2511 TP-LINK Archer C2 V1.0 (Fix planned before 2015/05/22) TP-LINK Archer C20 V1.0 (Not affected) TP-LINK Archer C20i V1.0 (Fix planned before 2015/05/25) TP-LINK Archer C5 V1.2 (Fix planned before 2015/05/22) TP-LINK Archer C5 V2.0 (Fix planned before 2015/05/30) TP-LINK Archer C7 V1.0 (Fix planned before 2015/05/30) TP-LINK Archer C7 V2.0 (Fix already released) TP-LINK Archer C8 V1.0 (Fix planned before 2015/05/30) TP-LINK Archer C9 V1.0 (Fix planned before 2015/05/22) TP-LINK Archer D2 V1.0 (Fix planned before 2015/05/22) TP-LINK Archer D5 V1.0 (Fix planned before 2015/05/25) TP-LINK Archer D7 V1.0 (Fix planned before 2015/05/25) TP-LINK Archer D7B V1.0 (Fix planned before 2015/05/31) TP-LINK Archer D9 V1.0 (Fix planned before 2015/05/25) TP-LINK Archer VR200v V1.0 (Fix already released) TP-LINK TD-VG3511 V1.0 (End-Of-Life) TP-LINK TD-VG3631 V1.0 (Fix planned before 2015/05/30) TP-LINK TD-VG3631 V1.0 (Fix planned before 2015/05/31) TP-LINK TD-W1042ND V1.0 (End-Of-Life) TP-LINK TD-W1043ND V1.0 (End-Of-Life) TP-LINK TD-W8968 V1.0 (Fix planned before 2015/05/30) TP-LINK TD-W8968 V2.0 (Fix planned before 2015/05/30) TP-LINK TD-W8968 V3.0 (Fix planned before 2015/05/25) TP-LINK TD-W8970 V1.0 (Fix planned before 2015/05/30) TP-LINK TD-W8970 V3.0 (Fix already released) TP-LINK TD-W8970B V1.0 (Fix planned before 2015/05/30) TP-LINK TD-W8980 V3.0 (Fix planned before 2015/05/25) TP-LINK TD-W8980B V1.0 (Fix planned before 2015/05/30) TP-LINK TD-W9980 V1.0 (Fix already released) TP-LINK TD-W9980B V1.0 (Fix planned before 2015/05/30) TP-LINK TD-WDR4900 V1.0 (End-Of-Life) TP-LINK TL-WR1043ND V2.0 (Fix planned before 2015/05/30) TP-LINK TL-WR1043ND V3.0 (Fix planned before 2015/05/30) TP-LINK TL-WR1045ND V2.0 (Fix planned before 2015/05/30) TP-LINK TL-WR3500 V1.0 (Fix planned before 2015/05/22) TP-LINK TL-WR3600 V1.0 (Fix planned before 2015/05/22) TP-LINK TL-WR4300 V1.0 (Fix planned before 2015/05/22) TP-LINK TL-WR842ND V2.0 (Fix planned before 2015/05/30) TP-LINK TL-WR842ND V1.0 (End-Of-Life) TP-LINK TX-VG1530(GPON) V1.0 (Fix planned before 2015/05/31) Trendnet TE100-MFP1 (v1.0R) Trendnet TEW-632BRP (A1.0R) Trendnet TEW-632BRP (A1.1R/A1.2R) Trendnet TEW-632BRP (A1.1R/A1.2R/A1.3R) Trendnet TEW-634GRU (v1.0R) Trendnet TEW-652BRP (V1.0R) Trendnet TEW-673GRU (v1.0R) Trendnet TEW-811DRU (v1.0R) Trendnet TEW-812DRU (v1.0R) Trendnet TEW-812DRU (v2.xR) Trendnet TEW-813DRU (v1.0R) Trendnet TEW-818DRU (v1.0R) Trendnet TEW-823DRU (v1.0R) Trendnet TEW-MFP1 (v1.0R) Zyxel NBG-419N v2 Zyxel NBG4615 v2 Zyxel NBG5615 Zyxel NBG5715
Based on information embedded in KCodes drivers we believe the following vendors are affected: Allnet Ambir Technology AMIT Asante Atlantis Corega Digitus D-Link EDIMAX Encore Electronics Engenius Etop Hardlink Hawking IOGEAR LevelOne Longshine NETGEAR PCI PROLiNK Sitecom Taifa TP-LINK TRENDnet Western Digital ZyXEL
Vendor contact timeline:
2015-02-28: Contacting vendor through support@kcodes.com 2015-03-04: No response, contacting various KCodes addresses found on the web. 2015-03-05: Vendor responds, requests more information. 2015-03-05: Providing advisory and proof of concept exploit. 2015-03-16: No response, requesting status update. 2015-03-16: Vendor responds, asks about fix verification(?) 2015-03-16: Requesting clarification about fixing status and information about next steps. Proposing conference call dates. 2015-03-19: No response, informing that notification of CERT/CC and selected vendors will start shortly. Requesting clarification about fixing status and information about next steps again. 2015-03-19: Vendor responds, confirms conference call date (2015-03-25). No further information provided. 2015-03-19: Providing advisory and proof of concept exploit to TP-LINK and NETGEAR. 2015-03-25: Vendor cancels conference call on short notice (sudden week-long business trip). 2015-03-26: Asking for support of CERT/CC regarding vendor coordination. 2015-03 - 2015-05: Coordination between CERT & vendors, NETGEAR and TP-LINK 2015-05-13: Notifying German CERT-Bund and Austrian CERT.at 2015-05-19: Coordinated release of security advisory
Solution:
TP-LINK has started releasing fixed firmware. The status of affected products can be found in the affected product list above.
For additional information also see CERT/CC vulnerability notice: http://www.kb.cert.org/vuls/id/177092
Workaround:
Sometimes NetUSB can be disabled via the web interface, but at least on NETGEAR devices this does not mitigate the vulnerability. NETGEAR told us, that there is no workaround available, the TCP port can't be firewalled nor is there a way to disable the service on their devices. It ensures the continued knowledge gain of SEC Consult in the field of network and application security to stay ahead of the attacker. The SEC Consult Vulnerability Lab supports high-quality penetration testing and the evaluation of new offensive and defensive technologies for our customers. Hence our customers obtain the most current information about vulnerabilities and valid recommendation about the risk profile of new technologies.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Interested to work with the experts of SEC Consult? Send us your application https://www.sec-consult.com/en/Career.htm
Interested in improving your cyber security with the experts of SEC Consult? Contact our local offices https://www.sec-consult.com/en/About/Contact.htm ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mail: research at sec-consult dot com Web: https://www.sec-consult.com Blog: http://blog.sec-consult.com Twitter: https://twitter.com/sec_consult
EOF Stefan Viehböck / @2015
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "netusb", "scope": "eq", "trust": 1.6, "vendor": "kcodes", "version": null }, { "_id": null, "model": "tew-632brp", "scope": null, "trust": 1.2, "vendor": "trendnet", "version": null }, { "_id": null, "model": null, "scope": null, "trust": 0.8, "vendor": "d link", "version": null }, { "_id": null, "model": null, "scope": null, "trust": 0.8, "vendor": "kcodes", "version": null }, { "_id": null, "model": null, "scope": null, "trust": 0.8, "vendor": "netgear", "version": null }, { "_id": null, "model": null, "scope": null, "trust": 0.8, "vendor": "tp link", "version": null }, { "_id": null, "model": null, "scope": null, "trust": 0.8, "vendor": "trendnet", "version": null }, { "_id": null, "model": null, "scope": null, "trust": 0.8, "vendor": "zyxel", "version": null }, { "_id": null, "model": "", "scope": null, "trust": 0.8, "vendor": "multiple vendors", "version": null }, { "_id": null, "model": "tew-812dru", "scope": null, "trust": 0.6, "vendor": "trendnet", "version": null }, { "_id": null, "model": "nbg5715", "scope": "eq", "trust": 0.3, "vendor": "zyxel", "version": "0" }, { "_id": null, "model": "nbg5615", "scope": "eq", "trust": 0.3, "vendor": "zyxel", "version": "0" }, { "_id": null, "model": "nbg4615", "scope": "eq", "trust": 0.3, "vendor": "zyxel", "version": "v2" }, { "_id": null, "model": "nbg-419n", "scope": "eq", "trust": 0.3, "vendor": "zyxel", "version": "v20" }, { "_id": null, "model": "tew-mfp1", "scope": null, "trust": 0.3, "vendor": "trendnet", "version": null }, { "_id": null, "model": "tew-823dru", "scope": null, "trust": 0.3, "vendor": "trendnet", "version": null }, { "_id": null, "model": "tew-818dru", "scope": null, "trust": 0.3, "vendor": "trendnet", "version": null }, { "_id": null, "model": "tew-813dru", "scope": null, "trust": 0.3, "vendor": "trendnet", "version": null }, { "_id": null, "model": "tew-811dru", "scope": null, "trust": 0.3, "vendor": "trendnet", "version": null }, { "_id": null, "model": "tew-673gru", "scope": null, "trust": 0.3, "vendor": "trendnet", "version": null }, { "_id": null, "model": "tew-652brp", "scope": null, "trust": 0.3, "vendor": "trendnet", "version": null }, { "_id": null, "model": "tew-634gru", "scope": null, "trust": 0.3, "vendor": "trendnet", "version": null }, { "_id": null, "model": "te100-mfp1", "scope": null, "trust": 0.3, "vendor": "trendnet", "version": null }, { "_id": null, "model": "tx-vg1530", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "tl-wr842nd", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "2.0" }, { "_id": null, "model": "tl-wr842nd", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "tl-wr4300", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "tl-wr3600", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "tl-wr3500", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "tl-wr1045nd", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "2.0" }, { "_id": null, "model": "tl-wr1043nd", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "3.0" }, { "_id": null, "model": "tl-wr1043nd", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "2.0" }, { "_id": null, "model": "td-wdr4900", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "td-w9980b", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "td-w9980", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "td-w8980b", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "td-w8980", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "3.0" }, { "_id": null, "model": "td-w8970b", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "td-w8970", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "3.0" }, { "_id": null, "model": "td-w8970", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "td-w8968", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "3.0" }, { "_id": null, "model": "td-w8968", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "2.0" }, { "_id": null, "model": "td-w8968", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "td-w1043nd", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "td-w1042nd", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "td-vg3631", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "td-vg3511", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "archer vr200v", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "archer d9", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "archer d7b", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "archer d7", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "archer d5", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "archer d2", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "archer c7", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "archer c5", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "2.0" }, { "_id": null, "model": "archer c20i", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "archer c2", "scope": "eq", "trust": 0.3, "vendor": "tp link", "version": "1.0" }, { "_id": null, "model": "xaub2511", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "xau2511", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "wndr4500v3", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "wndr4500v2", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "wndr4500", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "wndr4300v2", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "wndr4300", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "wndr3700v5", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "wn3500rp", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "r8000", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "r7900", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "r7500", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "r7000", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "r6700", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "r6300v2", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "r6300v1", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "r6250", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "r6220", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "r6200v2", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "r6200", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "r6100", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "r6050", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "pr2000", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "lg6100d", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "jr6150", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "jnr3000", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "ex7000", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "ex6200", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "dgnd4000", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "dc112a", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "d6400", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "d6300", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "d6200", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "d6100", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "centria wndr4720", "scope": null, "trust": 0.3, "vendor": "netgear", "version": null }, { "_id": null, "model": "centria wndr4700", "scope": null, "trust": 0.3, "vendor": "netgear", "version": null }, { "_id": null, "model": "ac1450", "scope": "eq", "trust": 0.3, "vendor": "netgear", "version": "0" }, { "_id": null, "model": "netusb", "scope": "eq", "trust": 0.3, "vendor": "kcodes", "version": "0" }, { "_id": null, "model": "dir-685", "scope": "eq", "trust": 0.3, "vendor": "d link", "version": "2.00" }, { "_id": null, "model": "dir-615", "scope": "eq", "trust": 0.3, "vendor": "d link", "version": "3.13" } ], "sources": [ { "db": "CERT/CC", "id": "VU#177092" }, { "db": "BID", "id": "74724" }, { "db": "JVNDB", "id": "JVNDB-2015-002741" }, { "db": "CNNVD", "id": "CNNVD-201505-429" }, { "db": "NVD", "id": "CVE-2015-3036" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:misc:multiple_vendors", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002741" } ] }, "credits": { "_id": null, "data": "Stefan Viehb\u00f6ck from SEC Consult Vulnerability Lab", "sources": [ { "db": "BID", "id": "74724" } ], "trust": 0.3 }, "cve": "CVE-2015-3036", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2015-3036", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "ADJACENT NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "availabilityRequirement": "NOT DEFINED", "baseScore": 5.7, "collateralDamagePotential": "NOT DEFINED", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT DEFINED", "enviromentalScore": 3.7, "exploitability": "PROOF-OF-CONCEPT", "exploitabilityScore": 5.5, "id": "CVE-2015-3036", "impactScore": 6.9, "integrityImpact": "NONE", "integrityRequirement": "NOT DEFINED", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "remediationLevel": "WORKAROUND", "reportConfidence": "CONFIRMED", "severity": "MEDIUM", "targetDistribution": "MEDIUM", "trust": 0.8, "userInteractionRequired": null, "vector_string": "AV:A/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2015-3036", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2015-3036", "trust": 0.8, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2015-3036", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201505-429", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2015-3036", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#177092" }, { "db": "VULMON", "id": "CVE-2015-3036" }, { "db": "JVNDB", "id": "JVNDB-2015-002741" }, { "db": "CNNVD", "id": "CNNVD-201505-429" }, { "db": "NVD", "id": "CVE-2015-3036" } ] }, "description": { "_id": null, "data": "Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers to execute arbitrary code by providing a long computer name in a session on TCP port 20005. KCodes NetUSB is vulnerable to a buffer overflow via the network that may result in a denial of service or code execution. KCodes NetUSB The kernel driver contains a buffer overflow vulnerability. KCodes NetUSB Is Linux Connected to base embedded devices (home router products, etc.) USB Share devices on the network \"USB over IP\" To realize the function, Linux Kernel module. Buffer overflow (CWE-120) - CVE-2015-3036 http://cwe.mitre.org/data/definitions/120.html The client NetUSB The data to send when connecting to the server NetUSB A buffer overflow can occur because the kernel driver does not validate properly. For more information SEC Consult Please check the advisory for. SEC Consult Vulnerability Lab Security Advisory \u003c 20150519-0 \u003e https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150519-0_KCodes_NetUSB_Kernel_Stack_Buffer_Overflow_v10.txt In addition, National Vulnerability Database (NVD) Then CWE-119 It is published as CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer ( Buffer error ) http://cwe.mitre.org/data/definitions/119.htmlAn attacker on the local network caused a buffer overflow, resulting in a denial of service operation (DoS) An attacker may be able to attack or execute arbitrary code. Depending on the default settings of the device, a remote attack may be possible. KCodes NetUSB is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. SEC Consult Vulnerability Lab Security Advisory \u003c 20150519-0 \u003e\n=======================================================================\n title: Kernel Stack Buffer Overflow\n product: KCodes NetUSB\n vulnerable version: see Vulnerable / tested versions\n fixed version: see Solution\n CVE number: CVE-2015-3036, VU#177092\n impact: Critical\n homepage: http://www.kcodes.com/\n found: 2015-02-23\n by: Stefan Viehb\u00f6ck (Office Vienna)\n SEC Consult Vulnerability Lab\n\n An integrated part of SEC Consult\n Berlin - Frankfurt/Main - Montreal - Singapore\n Vienna (HQ) - Vilnius - Zurich\n\n https://www.sec-consult.com\n\n=======================================================================\n\nVendor description:\n-------------------\n\"The world\u0027s premier technology provider of mobile printing, audio and\nvideo communication, file sharing, and USB applications for iPhones,\niPads, smart phones and tablets (Android and Windows), MacBooks, and\nUltrabooks.\"\n\nSource: http://www.kcodes.com/\n\n\nVulnerability overview/description:\n-----------------------------------\nNetUSB suffers from a remotely exploitable kernel stack buffer overflow. \nBecause of insufficient input validation, an overly long computer name can be\nused to overflow the \"computer name\" kernel stack buffer. This results in\nmemory corruption which can be turned into arbitrary remote code execution. \n\nFurthermore, a more detailed summary of this advisory has been published at our\nblog: http://blog.sec-consult.com\n\n\nProof of concept:\n-----------------\nBelow is an excerpt from the vulnerable run_init_sbus() function (pseudo code):\n\nint computername_len;\nchar computername_buf[64];\n// connection initiation, handshake\nlen = ks_recv(sock, \u0026computername_len, 4, 0);\n// ... \nlen = ks_recv(sock, computername_buf, computername_len, 0); // boom!\n\nA proof of concept \"netusb_bof.py\" has been developed which exploits the\nvulnerability. The PoC DoS exploit will not be published as many vendors\ndid not patch the vulnerability yet. \n\nExample use that results in denial-of-service (kernel memory corruption that\nresults in a device reboot):\n./netusb_bof.py 192.168.1.1 20005 500\n\n\nVulnerable / tested versions:\n-----------------------------\nThe vulnerability has been verified to exist in most recent firmware versions\nof the following devives:\n\nTP-Link TL-WDR4300 V1\nTP-Link WR1043ND v2\nNETGEAR WNDR4500\n\nFurthermore we\u0027ve identified NetUSB in the most recent firmware version of the\nfollowing products (list is not necessarily complete!):\nD-Link DIR-615 C\nNETGEAR AC1450\nNETGEAR CENTRIA (WNDR4700/4720)\nNETGEAR D6100\nNETGEAR D6200\nNETGEAR D6300\nNETGEAR D6400\nNETGEAR DC112A\nNETGEAR DC112A (Zain)\nNETGEAR DGND4000\nNETGEAR EX6200\nNETGEAR EX7000\nNETGEAR JNR3000\nNETGEAR JNR3210\nNETGEAR JR6150\nNETGEAR LG6100D\nNETGEAR PR2000\nNETGEAR R6050\nNETGEAR R6100\nNETGEAR R6200\nNETGEAR R6200v2\nNETGEAR R6220\nNETGEAR R6250\nNETGEAR R6300v1\nNETGEAR R6300v2\nNETGEAR R6700\nNETGEAR R7000\nNETGEAR R7500\nNETGEAR R7900\nNETGEAR R8000\nNETGEAR WN3500RP\nNETGEAR WNDR3700v5\nNETGEAR WNDR4300\nNETGEAR WNDR4300v2\nNETGEAR WNDR4500\nNETGEAR WNDR4500v2\nNETGEAR WNDR4500v3\nNETGEAR XAU2511\nNETGEAR XAUB2511\nTP-LINK Archer C2 V1.0 (Fix planned before 2015/05/22)\nTP-LINK Archer C20 V1.0 (Not affected)\nTP-LINK Archer C20i V1.0 (Fix planned before 2015/05/25)\nTP-LINK Archer C5 V1.2 (Fix planned before 2015/05/22)\nTP-LINK Archer C5 V2.0 (Fix planned before 2015/05/30)\nTP-LINK Archer C7 V1.0 (Fix planned before 2015/05/30)\nTP-LINK Archer C7 V2.0 (Fix already released)\nTP-LINK Archer C8 V1.0 (Fix planned before 2015/05/30)\nTP-LINK Archer C9 V1.0 (Fix planned before 2015/05/22)\nTP-LINK Archer D2 V1.0 (Fix planned before 2015/05/22)\nTP-LINK Archer D5 V1.0 (Fix planned before 2015/05/25)\nTP-LINK Archer D7 V1.0 (Fix planned before 2015/05/25)\nTP-LINK Archer D7B V1.0 (Fix planned before 2015/05/31)\nTP-LINK Archer D9 V1.0 (Fix planned before 2015/05/25)\nTP-LINK Archer VR200v V1.0 (Fix already released)\nTP-LINK TD-VG3511 V1.0 (End-Of-Life)\nTP-LINK TD-VG3631 V1.0 (Fix planned before 2015/05/30)\nTP-LINK TD-VG3631 V1.0 (Fix planned before 2015/05/31)\nTP-LINK TD-W1042ND V1.0 (End-Of-Life)\nTP-LINK TD-W1043ND V1.0 (End-Of-Life)\nTP-LINK TD-W8968 V1.0 (Fix planned before 2015/05/30)\nTP-LINK TD-W8968 V2.0 (Fix planned before 2015/05/30)\nTP-LINK TD-W8968 V3.0 (Fix planned before 2015/05/25)\nTP-LINK TD-W8970 V1.0 (Fix planned before 2015/05/30)\nTP-LINK TD-W8970 V3.0 (Fix already released)\nTP-LINK TD-W8970B V1.0 (Fix planned before 2015/05/30)\nTP-LINK TD-W8980 V3.0 (Fix planned before 2015/05/25)\nTP-LINK TD-W8980B V1.0 (Fix planned before 2015/05/30)\nTP-LINK TD-W9980 V1.0 (Fix already released)\nTP-LINK TD-W9980B V1.0 (Fix planned before 2015/05/30)\nTP-LINK TD-WDR4900 V1.0 (End-Of-Life)\nTP-LINK TL-WR1043ND V2.0 (Fix planned before 2015/05/30)\nTP-LINK TL-WR1043ND V3.0 (Fix planned before 2015/05/30)\nTP-LINK TL-WR1045ND V2.0 (Fix planned before 2015/05/30)\nTP-LINK TL-WR3500 V1.0 (Fix planned before 2015/05/22)\nTP-LINK TL-WR3600 V1.0 (Fix planned before 2015/05/22)\nTP-LINK TL-WR4300 V1.0 (Fix planned before 2015/05/22)\nTP-LINK TL-WR842ND V2.0 (Fix planned before 2015/05/30)\nTP-LINK TL-WR842ND V1.0 (End-Of-Life)\nTP-LINK TX-VG1530(GPON) V1.0 (Fix planned before 2015/05/31)\nTrendnet TE100-MFP1 (v1.0R)\nTrendnet TEW-632BRP (A1.0R)\nTrendnet TEW-632BRP (A1.1R/A1.2R)\nTrendnet TEW-632BRP (A1.1R/A1.2R/A1.3R)\nTrendnet TEW-634GRU (v1.0R)\nTrendnet TEW-652BRP (V1.0R)\nTrendnet TEW-673GRU (v1.0R)\nTrendnet TEW-811DRU (v1.0R)\nTrendnet TEW-812DRU (v1.0R)\nTrendnet TEW-812DRU (v2.xR)\nTrendnet TEW-813DRU (v1.0R)\nTrendnet TEW-818DRU (v1.0R)\nTrendnet TEW-823DRU (v1.0R)\nTrendnet TEW-MFP1 (v1.0R)\nZyxel NBG-419N v2\nZyxel NBG4615 v2\nZyxel NBG5615\nZyxel NBG5715\n\nBased on information embedded in KCodes drivers we believe the following\nvendors are affected:\nAllnet\nAmbir Technology\nAMIT\nAsante\nAtlantis\nCorega\nDigitus\nD-Link\nEDIMAX\nEncore Electronics\nEngenius\nEtop\nHardlink\nHawking\nIOGEAR\nLevelOne\nLongshine\nNETGEAR\nPCI\nPROLiNK\nSitecom\nTaifa\nTP-LINK\nTRENDnet\nWestern Digital\nZyXEL\n\n\nVendor contact timeline:\n------------------------\n2015-02-28: Contacting vendor through support@kcodes.com\n2015-03-04: No response, contacting various KCodes addresses found on the web. \n2015-03-05: Vendor responds, requests more information. \n2015-03-05: Providing advisory and proof of concept exploit. \n2015-03-16: No response, requesting status update. \n2015-03-16: Vendor responds, asks about fix verification(?)\n2015-03-16: Requesting clarification about fixing status and information about\n next steps. Proposing conference call dates. \n2015-03-19: No response, informing that notification of CERT/CC and selected\n vendors will start shortly. Requesting clarification about fixing\n status and information about next steps again. \n2015-03-19: Vendor responds, confirms conference call date (2015-03-25). No\n further information provided. \n2015-03-19: Providing advisory and proof of concept exploit to TP-LINK and\n NETGEAR. \n2015-03-25: Vendor cancels conference call on short notice (sudden week-long\n business trip). \n2015-03-26: Asking for support of CERT/CC regarding vendor coordination. \n2015-03 - 2015-05: Coordination between CERT \u0026 vendors, NETGEAR and TP-LINK\n2015-05-13: Notifying German CERT-Bund and Austrian CERT.at\n2015-05-19: Coordinated release of security advisory\n\n\nSolution:\n---------\nTP-LINK has started releasing fixed firmware. The status of affected products\ncan be found in the affected product list above. \n\nFor additional information also see CERT/CC vulnerability notice:\nhttp://www.kb.cert.org/vuls/id/177092\n\n\nWorkaround:\n-----------\nSometimes NetUSB can be disabled via the web interface, but at least on NETGEAR\ndevices this does not mitigate the vulnerability. NETGEAR told us, that there is\nno workaround available, the TCP port can\u0027t be firewalled nor is there a way to\ndisable the service on their devices. It\nensures the continued knowledge gain of SEC Consult in the field of network\nand application security to stay ahead of the attacker. The SEC Consult\nVulnerability Lab supports high-quality penetration testing and the evaluation\nof new offensive and defensive technologies for our customers. Hence our\ncustomers obtain the most current information about vulnerabilities and valid\nrecommendation about the risk profile of new technologies. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nInterested to work with the experts of SEC Consult?\nSend us your application https://www.sec-consult.com/en/Career.htm\n\nInterested in improving your cyber security with the experts of SEC Consult?\nContact our local offices https://www.sec-consult.com/en/About/Contact.htm\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nMail: research at sec-consult dot com\nWeb: https://www.sec-consult.com\nBlog: http://blog.sec-consult.com\nTwitter: https://twitter.com/sec_consult\n\nEOF Stefan Viehb\u00f6ck / @2015\n\n", "sources": [ { "db": "NVD", "id": "CVE-2015-3036" }, { "db": "CERT/CC", "id": "VU#177092" }, { "db": "JVNDB", "id": "JVNDB-2015-002741" }, { "db": "BID", "id": "74724" }, { "db": "VULMON", "id": "CVE-2015-3036" }, { "db": "PACKETSTORM", "id": "131987" } ], "trust": 2.79 }, "exploit_availability": { "_id": null, "data": [ { "reference": "https://www.kb.cert.org/vuls/id/177092", "trust": 0.8, "type": "poc" }, { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=38566", "trust": 0.2, "type": "exploit" } ], "sources": [ { "db": "CERT/CC", "id": "VU#177092" }, { "db": "VULMON", "id": "CVE-2015-3036" } ] }, "external_ids": { "_id": null, "data": [ { "db": "CERT/CC", "id": "VU#177092", "trust": 3.7 }, { "db": "NVD", "id": "CVE-2015-3036", "trust": 2.9 }, { "db": "BID", "id": "74724", "trust": 1.4 }, { "db": "PACKETSTORM", "id": "131987", "trust": 1.2 }, { "db": "SECTRACK", "id": "1032377", "trust": 1.1 }, { "db": "PACKETSTORM", "id": "133919", "trust": 1.1 }, { "db": "EXPLOIT-DB", "id": "38566", "trust": 1.1 }, { "db": "EXPLOIT-DB", "id": "38454", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU90185396", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-002741", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201505-429", "trust": 0.6 }, { "db": "DLINK", "id": "SAP10057", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2015-3036", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#177092" }, { "db": "VULMON", "id": "CVE-2015-3036" }, { "db": "BID", "id": "74724" }, { "db": "JVNDB", "id": "JVNDB-2015-002741" }, { "db": "PACKETSTORM", "id": "131987" }, { "db": "CNNVD", "id": "CNNVD-201505-429" }, { "db": "NVD", "id": "CVE-2015-3036" } ] }, "id": "VAR-201505-0408", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.5379009930555555 }, "last_update_date": "2024-11-23T23:09:15.345000Z", "patch": { "_id": null, "data": [ { "title": "USB Over IP (NetUSB)", "trust": 0.8, "url": "http://www.kcodes.com/product/usb_01.html" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2015/05/20/netusb_router_fail/" }, { "title": "TD-W8970-NetUSB-Fix-v1-", "trust": 0.1, "url": "https://github.com/Leproide/TD-W8970-NetUSB-Fix-v1- " }, { "title": "NetUSB-exploit", "trust": 0.1, "url": "https://github.com/funsecurity/NetUSB-exploit " }, { "title": "MiraiSecurity", "trust": 0.1, "url": "https://github.com/pandazheng/MiraiSecurity " }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/details-surface-on-unpatched-kcodes-netusb-bug/112910/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-3036" }, { "db": "JVNDB", "id": "JVNDB-2015-002741" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-119", "trust": 1.8 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002741" }, { "db": "NVD", "id": "CVE-2015-3036" } ] }, "references": { "_id": null, "data": [ { "trust": 3.6, "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150519-0_kcodes_netusb_kernel_stack_buffer_overflow_v10.txt" }, { "trust": 3.3, "url": "http://blog.sec-consult.com/2015/05/kcodes-netusb-how-small-taiwanese.html" }, { "trust": 2.9, "url": "http://www.kb.cert.org/vuls/id/177092" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/74724" }, { "trust": 1.2, "url": "https://www.exploit-db.com/exploits/38566/" }, { "trust": 1.1, "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10057" }, { "trust": 1.1, "url": "http://packetstormsecurity.com/files/131987/kcodes-netusb-buffer-overflow.html" }, { "trust": 1.1, "url": "http://seclists.org/fulldisclosure/2015/may/74" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1032377" }, { "trust": 1.1, "url": "http://packetstormsecurity.com/files/133919/netusb-stack-buffer-overflow.html" }, { "trust": 1.1, "url": "http://seclists.org/fulldisclosure/2015/oct/50" }, { "trust": 1.1, "url": "https://www.exploit-db.com/exploits/38454/" }, { "trust": 0.8, "url": "http://kb.netgear.com/app/answers/detail/a_id/28393/" }, { "trust": 0.8, "url": "http://www.trendnet.com/support/view.asp?cat=4\u0026id=58" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3036" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu90185396/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3036" }, { "trust": 0.3, "url": "http://www.kcodes.com/product/usb_01.html" }, { "trust": 0.3, "url": "https://github.com/funsecurity/netusb-exploit" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://github.com/leproide/td-w8970-netusb-fix-v1-" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.sec-consult.com/en/career.htm" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3036" }, { "trust": 0.1, "url": "https://www.sec-consult.com" }, { "trust": 0.1, "url": "https://www.sec-consult.com/en/about/contact.htm" }, { "trust": 0.1, "url": "https://twitter.com/sec_consult" }, { "trust": 0.1, "url": "http://blog.sec-consult.com" }, { "trust": 0.1, "url": "http://www.kcodes.com/" }, { "trust": 0.1, "url": "https://www.sec-consult.com/en/vulnerability-lab/advisories.htm" } ], "sources": [ { "db": "CERT/CC", "id": "VU#177092" }, { "db": "VULMON", "id": "CVE-2015-3036" }, { "db": "BID", "id": "74724" }, { "db": "JVNDB", "id": "JVNDB-2015-002741" }, { "db": "PACKETSTORM", "id": "131987" }, { "db": "CNNVD", "id": "CNNVD-201505-429" }, { "db": "NVD", "id": "CVE-2015-3036" } ] }, "sources": { "_id": null, "data": [ { "db": "CERT/CC", "id": "VU#177092", "ident": null }, { "db": "VULMON", "id": "CVE-2015-3036", "ident": null }, { "db": "BID", "id": "74724", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2015-002741", "ident": null }, { "db": "PACKETSTORM", "id": "131987", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201505-429", "ident": null }, { "db": "NVD", "id": "CVE-2015-3036", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2015-05-19T00:00:00", "db": "CERT/CC", "id": "VU#177092", "ident": null }, { "date": "2015-05-21T00:00:00", "db": "VULMON", "id": "CVE-2015-3036", "ident": null }, { "date": "2015-05-19T00:00:00", "db": "BID", "id": "74724", "ident": null }, { "date": "2015-05-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-002741", "ident": null }, { "date": "2015-05-21T14:44:44", "db": "PACKETSTORM", "id": "131987", "ident": null }, { "date": "2015-05-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201505-429", "ident": null }, { "date": "2015-05-21T01:59:27.087000", "db": "NVD", "id": "CVE-2015-3036", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2015-06-05T00:00:00", "db": "CERT/CC", "id": "VU#177092", "ident": null }, { "date": "2016-12-08T00:00:00", "db": "VULMON", "id": "CVE-2015-3036", "ident": null }, { "date": "2015-12-08T22:03:00", "db": "BID", "id": "74724", "ident": null }, { "date": "2015-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-002741", "ident": null }, { "date": "2015-05-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201505-429", "ident": null }, { "date": "2024-11-21T02:28:31.787000", "db": "NVD", "id": "CVE-2015-3036", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201505-429" } ], "trust": 0.6 }, "title": { "_id": null, "data": "KCodes NetUSB kernel driver is vulnerable to buffer overflow", "sources": [ { "db": "CERT/CC", "id": "VU#177092" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201505-429" } ], "trust": 0.6 } }
var-202012-1195
Vulnerability from variot
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects CBR40 before 2.5.0.10, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100 before 1.0.2.28, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150 before 1.0.0.46, EX6200 before 1.0.3.94, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6250 before 1.0.4.42, R6300v2 before 1.0.4.42, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6700 before 1.0.2.16, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.32, RAX50 before 1.0.2.32, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V-200 before 1.0.0.46, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3500RP before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50. plural NETGEAR A classic buffer overflow vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202012-1195", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "cbr40", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "2.5.0.10" }, { "model": "d6220", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.0.60" }, { "model": "ex3920", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.0.84" }, { "model": "ex7000", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.1.90" }, { "model": "rbk852", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "3.2.16.6" }, { "model": "ms60", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.5.102" }, { "model": "r8000p", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.4.1.62" }, { "model": "r6900p", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.3.2.124" }, { "model": "r6250", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.4.42" }, { "model": "rax200", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.2.102" }, { "model": "rax50", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.2.32" }, { "model": "ex6150", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.0.46" }, { "model": "r6900", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.2.16" }, { "model": "ex6920", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.0.54" }, { "model": "rs400", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.5.0.48" }, { "model": "r7960p", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.4.1.62" }, { "model": "dc112a", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.0.48" }, { "model": "mk62", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.5.102" }, { "model": "ex3700", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.0.84" }, { "model": "r8300", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.2.134" }, { "model": "ex6130", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.0.36" }, { "model": "rax20", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.1.64" }, { "model": "r7000", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.11.106" }, { "model": "rx45", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.2.32" }, { "model": "rbs850", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "3.2.16.6" }, { "model": "r6400v2", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.4.98" }, { "model": "ex6000", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.0.44" }, { "model": "ex3800", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.0.84" }, { "model": "rbs750", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "3.2.16.6" }, { "model": "rbs40v-200", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.0.46" }, { "model": "ex6120", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.0.54" }, { "model": "ex6200", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.3.94" }, { "model": "r7850", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.5.60" }, { "model": "wn2500rpv2", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.1.56" }, { "model": "wnr1000v3", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.2.78" }, { "model": "r6400", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.1.62" }, { "model": "mr60", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.5.102" }, { "model": "eax20", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.0.36" }, { "model": "rax75", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.3.102" }, { "model": "r8500", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.2.134" }, { "model": "rbk842", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "3.2.16.6" }, { "model": "eax80", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.1.62" }, { "model": "wn3500rp", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.0.28" }, { "model": "rbr750", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "3.2.16.6" }, { "model": "rbw30", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "2.5.0.4" }, { "model": "r7900", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.4.26" }, { "model": "d6400", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.0.94" }, { "model": "r6300v2", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.4.42" }, { "model": "r8000", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.4.58" }, { "model": "r7100lg", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.0.56" }, { "model": "rax80", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.3.102" }, { "model": "xr300", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.3.50" }, { "model": "wnr2000v2", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.2.0.12" }, { "model": "ex6100", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.2.28" }, { "model": "r6700", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.2.16" }, { "model": "dgn2200v4", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.0.114" }, { "model": "rax15", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.1.64" }, { "model": "rbk752", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "3.2.16.6" }, { "model": "wndr3400v3", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.1.32" }, { "model": "rbs840", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "3.2.16.6" }, { "model": "r7900p", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.4.1.62" }, { "model": "d8500", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.3.50" }, { "model": "ex7500", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.0.68" }, { "model": "r7000p", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.3.2.124" }, { "model": "d7000v2", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.0.62" }, { "model": "wnr3500lv2", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.2.0.62" }, { "model": "rbr840", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "3.2.16.6" }, { "model": "r6700v3", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "1.0.4.98" }, { "model": "rbr850", "scope": "lt", "trust": 1.0, "vendor": "netgear", "version": "3.2.16.6" }, { "model": "d6400", "scope": null, "trust": 0.8, "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2", "version": null }, { "model": "d6220", "scope": null, "trust": 0.8, "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2", "version": null }, { "model": "ex3700", "scope": null, "trust": 0.8, "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2", "version": null }, { "model": "dc112a", "scope": null, "trust": 0.8, "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2", "version": null }, { "model": "dgn2200v4", "scope": null, "trust": 0.8, "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2", "version": null }, { "model": "d7000v2", "scope": null, "trust": 0.8, "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2", "version": null }, { "model": "eax20", "scope": null, "trust": 0.8, "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2", "version": null }, { "model": "d8500", "scope": null, "trust": 0.8, "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2", "version": null }, { "model": "eax80", "scope": null, "trust": 0.8, "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2", "version": null }, { "model": "cbr40", "scope": null, "trust": 0.8, "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015040" }, { "db": "NVD", "id": "CVE-2020-35796" } ] }, "cve": "CVE-2020-35796", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2020-35796", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-35796", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "ADJACENT", "author": "cve@mitre.org", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-35796", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-35796", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-35796", "trust": 1.0, "value": "CRITICAL" }, { "author": "cve@mitre.org", "id": "CVE-2020-35796", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-35796", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-202012-1747", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015040" }, { "db": "CNNVD", "id": "CNNVD-202012-1747" }, { "db": "NVD", "id": "CVE-2020-35796" }, { "db": "NVD", "id": "CVE-2020-35796" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects CBR40 before 2.5.0.10, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100 before 1.0.2.28, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150 before 1.0.0.46, EX6200 before 1.0.3.94, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6250 before 1.0.4.42, R6300v2 before 1.0.4.42, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6700 before 1.0.2.16, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.32, RAX50 before 1.0.2.32, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V-200 before 1.0.0.46, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3500RP before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50. plural NETGEAR A classic buffer overflow vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", "sources": [ { "db": "NVD", "id": "CVE-2020-35796" }, { "db": "JVNDB", "id": "JVNDB-2020-015040" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-35796", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2020-015040", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202012-1747", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015040" }, { "db": "CNNVD", "id": "CNNVD-202012-1747" }, { "db": "NVD", "id": "CVE-2020-35796" } ] }, "id": "VAR-202012-1195", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4478068748749998 }, "last_update_date": "2024-11-23T22:16:10.698000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Security\u00a0Advisory\u00a0for\u00a0Pre-Authentication\u00a0Buffer\u00a0Overflow\u00a0on\u00a0Some\u00a0Routers,\u00a0Range\u00a0Extenders,\u00a0and\u00a0WiFi\u00a0Systems,\u00a0PSV-2020-0201", "trust": 0.8, "url": "https://kb.netgear.com/000062717/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Range-Extenders-and-WiFi-Systems-PSV-2020-0201" }, { "title": "Certain NETGEAR devices Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138126" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015040" }, { "db": "CNNVD", "id": "CNNVD-202012-1747" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-120", "trust": 1.0 }, { "problemtype": "Classic buffer overflow (CWE-120) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015040" }, { "db": "NVD", "id": "CVE-2020-35796" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://kb.netgear.com/000062717/security-advisory-for-pre-authentication-buffer-overflow-on-some-routers-range-extenders-and-wifi-systems-psv-2020-0201" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35796" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015040" }, { "db": "CNNVD", "id": "CNNVD-202012-1747" }, { "db": "NVD", "id": "CVE-2020-35796" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2020-015040" }, { "db": "CNNVD", "id": "CNNVD-202012-1747" }, { "db": "NVD", "id": "CVE-2020-35796" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-09-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015040" }, { "date": "2020-12-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202012-1747" }, { "date": "2020-12-30T00:15:14.160000", "db": "NVD", "id": "CVE-2020-35796" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-09-08T08:43:00", "db": "JVNDB", "id": "JVNDB-2020-015040" }, { "date": "2021-01-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202012-1747" }, { "date": "2024-11-21T05:28:07.700000", "db": "NVD", "id": "CVE-2020-35796" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202012-1747" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0NETGEAR\u00a0 Classic buffer overflow vulnerability in device", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015040" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202012-1747" } ], "trust": 0.6 } }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B05686E-7206-4E3B-BDBD-05C8EA6CABB5", "versionEndExcluding": "2.5.0.10", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE0F7E9E-196C-4106-B1C9-C16FA5910A0F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2A04BB9-E816-49B5-B539-4B36A5CFFA22", "versionEndExcluding": "1.0.0.60", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3EEA190-2E9C-4586-BF81-B115532FBA23", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F4BC21D-8354-4C71-BE68-9D1A14A9471F", "versionEndExcluding": "1.0.0.94", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*", "matchCriteriaId": "7D30939B-86E3-4C78-9B05-686B4994C8B9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:d7000v2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3DCFE88-1262-43BF-88BB-B26658EDEDF1", "versionEndExcluding": "1.0.0.62", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:d7000v2:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DC6BD34-1A2C-4247-A20C-0B44C0F56E0F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F3F88DD-CE38-45A8-990A-4770A480D1BF", "versionEndExcluding": "1.0.3.50", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*", "matchCriteriaId": "814A0114-9A1D-4EA0-9AF4-6968514E4F01", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:dc112a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D989E9B-5626-4238-877A-FFB0FC1C6352", "versionEndExcluding": "1.0.0.48", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:dc112a:-:*:*:*:*:*:*:*", "matchCriteriaId": "F87FFC46-137D-45B8-B437-F15565FB33D0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:dgn2200v4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE1AC249-D64C-4E61-A22A-1498712D2758", "versionEndExcluding": "1.0.0.114", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:dgn2200v4:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BE59214-C8A1-4337-A54C-E4E8C149B241", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:eax20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "62EFA314-85C0-48CC-938E-E2BF42B16746", "versionEndExcluding": "1.0.0.36", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:eax20:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9D3B54B-33C0-4E50-AD2B-2097C612F288", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:eax80_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7EE6BC6-DEDA-4005-9E29-D66D0BC7E5C2", "versionEndExcluding": "1.0.1.62", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:eax80:-:*:*:*:*:*:*:*", "matchCriteriaId": "97740F5D-063E-424F-A0FE-09EBE1100975", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "953A4436-6F98-494C-B184-354E577F8E59", "versionEndExcluding": "1.0.0.84", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDAA5899-B73C-4690-853E-B5400F034BE1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:ex3800_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF7B1DD1-E197-461C-9537-C6D1DF2F6D7D", "versionEndExcluding": "1.0.0.84", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:ex3800:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC5488D9-651C-4BAB-A141-06B816690D42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:ex3920_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "33BDAF99-3E64-427E-ACAF-AEFB75401C72", "versionEndExcluding": "1.0.0.84", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:ex3920:-:*:*:*:*:*:*:*", "matchCriteriaId": "E576341B-2426-4F4D-8DF4-0A6D462656A3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:ex6000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDB99B74-2E41-4986-96BB-B728ED32405B", "versionEndExcluding": "1.0.0.44", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:ex6000:-:*:*:*:*:*:*:*", "matchCriteriaId": "02E7CA7E-E6CA-4BAB-8F40-4731EA523D91", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8491DCE-15CC-42F2-B253-68FEDF731DF5", "versionEndExcluding": "1.0.2.28", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:ex6100:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB84CD03-765C-4D4F-A176-364F8E72A4E7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1AA1E29-118C-4299-91FA-2C8584EC6F6C", "versionEndExcluding": "1.0.0.54", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C6DFDB6-1D7A-459A-8D30-FD4900ED718B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B845CEBF-A8A2-474B-9094-43AA53560150", "versionEndExcluding": "1.0.0.36", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:*", "matchCriteriaId": "305E295C-9C73-4798-A0BE-7973E1EE5EAB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "22C12B59-DF06-4133-9F30-24EB02CECB9C", "versionEndExcluding": "1.0.0.46", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:ex6150:-:*:*:*:*:*:*:*", "matchCriteriaId": "46452E97-9347-4788-9570-1EECECC7255E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CB304C9-D59C-4FAB-A034-1B2B7B41AA71", "versionEndExcluding": "1.0.3.94", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:ex6200:-:*:*:*:*:*:*:*", "matchCriteriaId": "3186CC67-B567-4A0C-BD2C-0433716FBD1B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:ex6920_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FF964D1-1FCE-467B-8B7F-8189CDF728D4", "versionEndExcluding": "1.0.0.54", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:ex6920:-:*:*:*:*:*:*:*", "matchCriteriaId": "65914D7F-39EA-489B-8DE7-8547AFC05F64", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:ex7000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A096742-1FFA-4C19-B697-EC5154411CF2", "versionEndExcluding": "1.0.1.90", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:ex7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F45B620-60B8-40F3-A055-181ADD71EFFF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:ex7500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B59B0C17-2714-48E8-8911-E72488CE32E3", "versionEndExcluding": "1.0.0.68", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:ex7500:-:*:*:*:*:*:*:*", "matchCriteriaId": "44336289-F9DA-4779-8C1A-0221E29E2E2F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:mk62_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7658849-0743-487B-803F-D49680EDF185", "versionEndExcluding": "1.0.5.102", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:mk62:-:*:*:*:*:*:*:*", "matchCriteriaId": "69A79475-37BE-47BD-A629-DCEF22500B0B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E18CCBB-46CD-423D-AA66-36F223EFD6E6", "versionEndExcluding": "1.0.5.102", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*", "matchCriteriaId": "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "07A1D7A9-29E9-4B1D-90DB-24E0967C9BC7", "versionEndExcluding": "1.0.5.102", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*", "matchCriteriaId": "F003F064-591C-4D7C-9EC4-D0E553BC6683", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CE369F2-053B-4F67-B295-54EE41C6C4DA", "versionEndExcluding": "1.0.4.42", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*", "matchCriteriaId": "321BE843-52C4-4638-A321-439CA7B3A6F2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:r6300v2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD8455EE-AFAD-445D-910B-E8D9F02E8B1B", "versionEndExcluding": "1.0.4.42", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:r6300v2:-:*:*:*:*:*:*:*", "matchCriteriaId": "7909744D-FE9B-49D1-ADB3-029CCC432A47", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "478CE991-5E30-438D-94B0-0E15A29E27BD", "versionEndExcluding": "1.0.1.62", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:r6400v2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E32C097-6EDF-4C81-A375-028DB67B6231", "versionEndExcluding": "1.0.4.98", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*", "matchCriteriaId": "AFE6B3A8-0601-44EA-AD9B-3BDDE6654FDF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:r6700v3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCCFD041-9413-4E37-8C4D-F50D1B10582B", "versionEndExcluding": "1.0.4.98", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:r6700v3:-:*:*:*:*:*:*:*", "matchCriteriaId": "C88DA385-5FAE-49EC-80D6-78F81E7EEC16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "19D625E4-17F4-44EF-9A51-DA0BAD4835F2", "versionEndExcluding": "1.0.2.16", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*", "matchCriteriaId": "21B27F11-4262-4CE1-8107-B365A7C152F2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "61DE3850-1661-43D1-9E52-31E2E01979EE", "versionEndExcluding": "1.3.2.124", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", "matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1D59AC0-2859-46C0-B050-3BB8E3E9CB06", "versionEndExcluding": "1.0.2.16", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*", "matchCriteriaId": "0794BB7C-1BCF-4F08-8EB2-9C3B150C105A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D208F2CA-DB20-4C82-8FFF-B99EBFE29713", "versionEndExcluding": "1.0.11.106", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C6F506A-464D-4BDE-8F9B-D537D3C7E137", "versionEndExcluding": "1.3.2.124", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", "matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8841DA90-D1B1-40EB-809D-14C014337AAB", "versionEndExcluding": "1.0.0.56", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*", "matchCriteriaId": "366FA778-3C2A-42AF-9141-DAD7043B406C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4171EB00-3664-43D5-9B62-A3538C358142", "versionEndExcluding": "1.0.5.60", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9800CB2-C14A-406B-B1FF-B1B62862EBDB", "versionEndExcluding": "1.0.4.26", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*", "matchCriteriaId": "C484840F-AF30-4B5C-821A-4DB9BE407BDB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "44537647-E0B2-477D-98A5-7EA850BF3321", "versionEndExcluding": "1.4.1.62", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA8D0327-0A72-44EC-9CC2-6CAF6A0C08B2", "versionEndExcluding": "1.4.1.62", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*", "matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F030129E-95C6-4C31-92A6-DABCDC1B534B", "versionEndExcluding": "1.0.4.58", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B377E02-0228-4A2F-90F3-A82E7E964B37", "versionEndExcluding": "1.4.1.62", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6324787-AE71-423A-B853-8B22CA3A5294", "versionEndExcluding": "1.0.2.134", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A9B77E7-7439-48C6-989F-5E22CB4D3044", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "72C4B203-565A-43BC-9800-274060CE23F2", "versionEndExcluding": "1.0.2.134", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", "matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC5225D5-96AD-43EE-BAA3-37B7FEF97E86", "versionEndExcluding": "1.0.1.64", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*", "matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "33505A97-35DB-4EFD-9D47-EA03057C8FFD", "versionEndExcluding": "1.0.1.64", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*", "matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "49D5D1E8-637A-4970-8753-6A3FCA8FAC64", "versionEndExcluding": "1.0.2.102", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*", "matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:rx45_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "867CC271-D1F9-4289-9859-7FE084C2BB5C", "versionEndExcluding": "1.0.2.32", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:rx45:-:*:*:*:*:*:*:*", "matchCriteriaId": "20AD88BE-1321-4029-8C31-E558DCBDE9E8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "41D61A7C-BF7E-4A84-A08B-C9FF449AF952", "versionEndExcluding": "1.0.2.32", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*", "matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADDF0077-E02C-4DDA-A84E-DF3A0237FC66", "versionEndExcluding": "1.0.3.102", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*", "matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "81DF924F-FDA4-4588-B8A3-6F18ABBD4976", "versionEndExcluding": "1.0.3.102", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*", "matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDD03FFF-ECAF-4527-A195-559DF479A0F2", "versionEndExcluding": "3.2.16.6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:rbk752:-:*:*:*:*:*:*:*", "matchCriteriaId": "A45832BD-114D-42F1-B9F1-7532496D30A6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "05A46FA9-5DC8-4408-B4C2-AD5F1CABE7C1", "versionEndExcluding": "3.2.16.6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*", "matchCriteriaId": "C13F5C69-FA9B-472A-9036-0C2967BDCDE9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C144D71-6C10-44CD-BFF9-907A92F0432C", "versionEndExcluding": "3.2.16.6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*", "matchCriteriaId": "B529194C-C440-4BC3-850F-0613FC548F86", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:rbk842_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5C6DF5F-FEFB-4A30-87CC-379E726AE181", "versionEndExcluding": "3.2.16.6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:rbk842:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E9B19B2-5FF1-4C85-8504-C33C34F072B1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:rbr840_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "451C5603-927A-4EB9-BF9D-150FE16A48F8", "versionEndExcluding": "3.2.16.6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:rbr840:-:*:*:*:*:*:*:*", "matchCriteriaId": "4489CB05-A1C0-408C-8D8C-56EE98CA20E8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:rbs840_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B22B149-BD16-42A0-BB1D-DEF483F6B5E1", "versionEndExcluding": "3.2.16.6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:rbs840:-:*:*:*:*:*:*:*", "matchCriteriaId": "84AEA27B-8BEA-4E83-819A-FDAC1881928F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B66A716A-7EC5-4F9B-853A-36C0D1AA3BFE", "versionEndExcluding": "3.2.16.6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:*", "matchCriteriaId": "14F257FE-31CE-4F74-829D-29407D74ADF7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE13548D-0A26-45C1-8424-D4705EB105EA", "versionEndExcluding": "3.2.16.6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*", "matchCriteriaId": "D92E4C8E-222A-476C-8273-F7171FC61F0B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "041D94DE-78C9-475C-9FAE-0B081C69B55F", "versionEndExcluding": "3.2.16.6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*", "matchCriteriaId": "221CA950-E984-44CD-9E1B-3AADE3CEBE52", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:rbs40v-200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCFCED24-A687-4C5E-BE2E-60C2189254CF", "versionEndExcluding": "1.0.0.46", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:rbs40v-200:-:*:*:*:*:*:*:*", "matchCriteriaId": "935C7519-678D-4C40-BD35-3F281890C7C0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:rbw30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "993FD563-493C-460C-B379-E02A90295434", "versionEndExcluding": "2.5.0.4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:rbw30:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEA73D22-970D-45F2-81F3-9576C04CCC94", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "921A8CFC-D86E-4674-998E-31F4F956B5DC", "versionEndExcluding": "1.5.0.48", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*", "matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:wn2500rpv2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9FCAF1C-DB77-402B-98D2-8C3FE7DBA8FF", "versionEndExcluding": "1.0.1.56", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:wn2500rpv2:-:*:*:*:*:*:*:*", "matchCriteriaId": "65FACC9E-3E0E-4416-9280-706F4FCE436A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:wn3500rp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0EEFD6D-A6DC-4F91-9A6A-4F96712ED151", "versionEndExcluding": "1.0.0.28", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:wn3500rp:-:*:*:*:*:*:*:*", "matchCriteriaId": "A98880D5-40DF-41A2-9924-9CACF78701EB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:wndr3400v3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6803A2E5-5BCE-4DE6-A0EB-3463C81FAD0C", "versionEndExcluding": "1.0.1.32", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:wndr3400v3:-:*:*:*:*:*:*:*", "matchCriteriaId": "37F227D8-332F-4D24-BAEA-AA5DB3E3EC95", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:wnr1000v3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5464DA45-2B33-430F-A16E-B1FE072B1376", "versionEndExcluding": "1.0.2.78", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:wnr1000v3:-:*:*:*:*:*:*:*", "matchCriteriaId": "252E5C7B-EF02-4374-A43E-02FAA9E697D0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:wnr2000v2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "01374C4A-4D12-4E77-AF7C-459C32C3579B", "versionEndExcluding": "1.2.0.12", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:wnr2000v2:-:*:*:*:*:*:*:*", "matchCriteriaId": "31247E55-E754-46D0-9A46-B0D319C21221", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:wnr3500lv2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F667392E-F63E-4186-9BA3-7F9A4AA3EC67", "versionEndExcluding": "1.2.0.62", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:wnr3500lv2:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC3F6D58-D900-41B4-8626-58928866208A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D71EDB94-370B-46C3-A14E-3F3FB130DD49", "versionEndExcluding": "1.0.3.50", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*", "matchCriteriaId": "5590CF28-B88A-4755-904B-1BC1778FBEDD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects CBR40 before 2.5.0.10, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100 before 1.0.2.28, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150 before 1.0.0.46, EX6200 before 1.0.3.94, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6250 before 1.0.4.42, R6300v2 before 1.0.4.42, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6700 before 1.0.2.16, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.32, RAX50 before 1.0.2.32, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V-200 before 1.0.0.46, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3500RP before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50." }, { "lang": "es", "value": "Determinados dispositivos NETGEAR est\u00e1n afectados por un desbordamiento del b\u00fafer por parte de un atacante no autenticado.\u0026#xa0;Esto afecta a CBR40 versiones anteriores a 2.5.0.10, D6220 versiones anteriores a 1.0.0.60, D6400 versiones anteriores a 1.0.0.94, D7000v2 versiones anteriores a 1.0.0.62, D8500 versiones anteriores a 1.0.3.50, DC112A versiones anteriores a 1.0.0.48, DGN2200v4 versiones anteriores a 1.0.0.114, EAX20 versiones anteriores a 1.0.0.36, EAX80 versiones anteriores a 1.0.1.62, EX3700 versiones anteriores a 1.0.0.84, EX3800 versiones anteriores a 1.0.0.84, EX3920 versiones anteriores a 1.0.0.84, EX6000 versiones anteriores a 1.0.0.44, EX6100 versiones anteriores a 1.0.2.28, EX6120 versiones anteriores a 1.0.0.54, EX6130 versiones anteriores a 1.0.0.36, EX6150 versiones anteriores a 1.0.0.46, EX6200 versiones anteriores a 1.0.3.94, EX6920 versiones anteriores a 1.0.0.54, EX7000 versiones anteriores a 1.0.1.90, EX7500 versiones anteriores a 1.0.0.68, MK62 versiones anteriores a 1.0.5.102, MR60 versiones anteriores a 1.0.5.102, MS60 versiones anteriores a 1.0.5.102, R6250 versiones anteriores a 1.0.4.42, R6300v2 versiones anteriores a 1.0.4.42, R6400 versiones anteriores a 1.0.1.62, R6400v2 versiones anteriores a 1.0.4.98, R6700v3 versiones anteriores a 1.0.4.98, R6700 versiones anteriores a 1.0.2.16, R6900P versiones anteriores a 1.3.2.124, R6900 versiones anteriores a 1.0.2.16, R7000 versiones anteriores a 1.0.11.106, R7000P versiones anteriores a 1.3.2.124, R7100LG versiones anteriores a 1.0.0.56, R7850 versiones anteriores a 1.0.5.60, R7900 versiones anteriores a 1.0.4.26, R7900P versiones anteriores a 1.4. 1.62, R7960P versiones anteriores a 1.4.1.62, R8000 versiones anteriores a 1.0.4.58, R8000P versiones anteriores a 1.4.1.62, R8300 versiones anteriores a 1.0.2.134, R8500 versiones anteriores a 1.0.2.134, RAX15 versiones anteriores a 1.0.1.64, RAX20 versiones anteriores a 1.0.1.64, RAX200 versiones anteriores a 1.0.2.102, RAX45 versiones anteriores a 1.0.2.32, RAX50 versiones anteriores a 1.0.2.32, RAX75 versiones anteriores a 1.0.3.102, RAX80 versiones anteriores a 1.0.3.102, RBK752 versiones anteriores a 3.2.16.6, RBR750 versiones anteriores a 3.2.16.6, RBS750 versiones anteriores a 3.2.16.6, RBK842 versiones anteriores a 3.2.16.6, RBR840 versiones anteriores a 3.2.16.6, RBS840 versiones anteriores a 3.2.16.6, RBK852 versiones anteriores a 3.2.16.6, RBR850 versiones anteriores a 3.2.16.6, RBS850 versiones anteriores a 3.2.16.6, RBS40V-200 versiones anteriores a 1.0.0.46, RBW30 versiones anteriores a 2.5.0.4, RS400 versiones anteriores a 1.5.0.48, WN2500RPv2 versiones anteriores a 1.0 .1.56, WN3500RP versiones anteriores a 1.0.0.28, WNDR3400v3 versiones anteriores a 1.0.1.32, WNR1000v3 versiones anteriores a 1.0.2.78, WNR2000v2 versiones anteriores a 1.2.0.12, WNR3500Lv2 versiones anteriores a 1.2.0.62 y XR300 versiones anteriores a 1.0.3.50." } ], "id": "CVE-2020-35796", "lastModified": "2024-11-21T05:28:07.700", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cve@mitre.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-30T00:15:14.160", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://kb.netgear.com/000062717/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Range-Extenders-and-WiFi-Systems-PSV-2020-0201" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.netgear.com/000062717/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Range-Extenders-and-WiFi-Systems-PSV-2020-0201" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2020-35796
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:09:15.177Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://kb.netgear.com/000062717/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Range-Extenders-and-WiFi-Systems-PSV-2020-0201" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects CBR40 before 2.5.0.10, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100 before 1.0.2.28, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150 before 1.0.0.46, EX6200 before 1.0.3.94, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6250 before 1.0.4.42, R6300v2 before 1.0.4.42, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6700 before 1.0.2.16, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.32, RAX50 before 1.0.2.32, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V-200 before 1.0.0.46, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3500RP before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-29T23:29:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://kb.netgear.com/000062717/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Range-Extenders-and-WiFi-Systems-PSV-2020-0201" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-35796", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects CBR40 before 2.5.0.10, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100 before 1.0.2.28, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150 before 1.0.0.46, EX6200 before 1.0.3.94, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6250 before 1.0.4.42, R6300v2 before 1.0.4.42, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6700 before 1.0.2.16, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.32, RAX50 before 1.0.2.32, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V-200 before 1.0.0.46, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3500RP before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "ADJACENT", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.netgear.com/000062717/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Range-Extenders-and-WiFi-Systems-PSV-2020-0201", "refsource": "MISC", "url": "https://kb.netgear.com/000062717/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Range-Extenders-and-WiFi-Systems-PSV-2020-0201" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-35796", "datePublished": "2020-12-29T23:29:49", "dateReserved": "2020-12-29T00:00:00", "dateUpdated": "2024-08-04T17:09:15.177Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }