SB2020061609 - Multiple vulnerabilities in NETGEAR R6700 routers
Published: June 16, 2020 Updated: June 16, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 10 secuirty vulnerabilities.
1) Improper Authentication (CVE-ID: N/A)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests within the UPnP service. A remote attacker on the local network can send a specially crafted UPnP message, bypass authentication process and gain unauthorized access to the application.
2) Stack-based buffer overflow (CVE-ID: N/A)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the UPnP service. A remote attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system in the context of root.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Improper Certificate Validation (CVE-ID: N/A)
The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.
The vulnerability exists due to a missing certification validation within the downloading of files via HTTPS. A remote attacker on the local network can gain access to sensitive information on the target system.
4) Download of code without integrity check (CVE-ID: N/A)
The vulnerability allows a remote attacker to compromise the affected system
The vulnerability exists due to software does not perform software integrity check when downloading updates within the "check_ra" functionality. A remote attacker on the local network with ability to perform man-in-the-middle (MitM) attack can supply a malicious software image and gain full control over the affected system after a successful software update.
5) Use of a broken or risky cryptographic algorithm (CVE-ID: N/A)
The vulnerability allows a remote attacker to execute arbitrary code on the target system
The vulnerability exists due to the weak encryption of firmware update images within the "check_ra" functionality. An attacker on the local network can execute arbitrary code on the system.
6) Heap-based buffer overflow (CVE-ID: N/A)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the handling of string table file uploads. A remote attacker can pass specially crafted data to the applicatoin, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Integer overflow (CVE-ID: N/A)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the handling of string table file uploads. A remote attacker on the local network can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system in the context of the admin user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Information disclosure (CVE-ID: N/A)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to improper access control within the handling of URLs. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.
9) Stack-based buffer overflow (CVE-ID: N/A)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the httpd service. A remote attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system in the context of root.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Stack-based buffer overflow (CVE-ID: N/A)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the handling of string table file uploads. A remote attacker on the local network can use a specially crafted "gui_region" in a string table file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://www.zerodayinitiative.com/advisories/ZDI-20-703/
- https://www.zerodayinitiative.com/advisories/ZDI-20-704/
- https://www.zerodayinitiative.com/advisories/ZDI-20-705/
- https://www.zerodayinitiative.com/advisories/ZDI-20-706/
- https://www.zerodayinitiative.com/advisories/ZDI-20-707/
- https://www.zerodayinitiative.com/advisories/ZDI-20-708/
- https://www.zerodayinitiative.com/advisories/ZDI-20-709/
- https://www.zerodayinitiative.com/advisories/ZDI-20-711/
- https://www.zerodayinitiative.com/advisories/ZDI-20-712/
- https://www.zerodayinitiative.com/advisories/ZDI-20-713/