NETGEAR.Multiple.Products.Firmware.Upload.Stack.Buffer.Overflow
- Signature ID:
49489
- Severity:
high
- CVE ID:
CVE-2020-15416
- Recommended action:
drop
- Affected systems:
Other
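- Protocol:
Vulnerability description
This indicates an attack attempt to exploit a buffer overflow vulnerability in Netgear products. The vulnerability is due to improper validation of the length of user-supplied data in the firmware file header. A remote attacker can exploit it by enticing a victim to open a crafted firmware file with a vulnerable version of the software. Successful exploitation may result in code execution in the security context of the user. A failed exploit attempt may crash the application, resulting in a denial-of-service condition.
Affected products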
AC1450 All versions
D6220 v1.0.0.52
D6300 All versions
D6400 v1.0.0.88
D7000v2 v1.0.0.56
D8500 v1.0.3.44
DC112A v1.0.0.44
DGN2200v1 All versions
DGN2200M All versions
DGN2200v4 v1.0.0.110
DGND3700v1 All versions
EAX20 v1.0.0.32
EAX80 v1.0.0.36
EX3700 v1.0.0.78
EX3800 v1.0.0.78
EX3920 v1.0.0.78
EX6000 v1.0.0.38
EX6100 v1.0.2.24
EX6120 v1.0.0.48
EX6130 v1.0.0.30
EX6150 v1.0.0.42
EX6200 v1.0.3.90
EX6920 v1.0.0.40
EX7000 v1.1.0.84
EX7500 v1.0.0.52
LG2200D All versions
MBM621 All versions
MBR1200 All versions
MBR1515 All versions
MBR1516 All versions
MBR624GU All versions
MBRN3000 All versions
MVBR1210C All versions
R4500 All versions
R6200 All versions
R6200v2 All versions
R6250 v1.0.4.38
R6300v1 All versions
R6300v2 v1.0.4.36
R6400 v1.0.1.52
R6400v2 v1.0.4.84
R6700 V1.0.2.8
R6700v3 v1.0.4.84
R6900 v1.0.2.8
R6900P v1.3.1.64
R7000 v1.0.11.100
R7000P v1.3.1.64
R7100LG v1.0.0.52
R7300DST All versions
R7850 v1.0.5.48
R7900 v1.0.3.18
R7900P v1.4.1.50
R8000 v1.0.4.46
R8000P v1.4.1.50
R8300 v1.0.2.130
R8500 v1.0.2.130
RS400 v1.5.0.34
WGR614v10 All versions
WGR614v8 All versions
WGR614v9 All versions
WGT624v4 All versions
WN2500RP All versions
WN2500RPv2 All versions
WN3000RP All versions
WN3000RPv2 All versions
WN3000RPv3 All versions
WN3100RP All versions
WN3100RPv2 All versions
WN3500RP All versions
WNCE3001 All versions
WNCE3001v2 All versions
WNDR3300v1 All versions
WNDR3300v2 All versions
WNDR3400v1 All versions
WNDR3400v2 All versions
WNDR3400v3 All versions
WNDR3700v3 All versions
WNDR4000 All versions
WNDR4500 All versions
WNDR4500v2 All versions
WNR1000v3 v1.0.2.72
WNR2000v2 v1.2.0.8
WNR3500v1 All versions
WNR3500Lv1 All versions
WNR3500Lv2 v1.2.0.56
WNR3500v2 All versions
WNR834Bv2 All versions
XR300 v1.0.3.38
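Possible consequences
System compromise: a remote attacker can gain control of the vulnerable system.
Solution
Apply the latest upgrade or patch provided by the vendor. https://kb.netgear.com/000061982/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Mobile-Routers-Modems-Gateways-and-Extenders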