Описание
Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. Remote code execution from the WAN interface (TCP port 20005) cannot be ruled out; however, exploitability was judged to be of "rather significant complexity" but not "impossible." The overflow is in SoftwareBus_dispatchNormalEPMsgOut in the KCodes NetUSB kernel module. Affected NETGEAR devices are D7800 before 1.0.1.68, R6400v2 before 1.0.4.122, and R6700v3 before 1.0.4.122.
Ссылки
- PatchVendor Advisory
- ExploitPatchThird Party Advisory
- PatchVendor Advisory
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Одновременно
Одновременно
Одновременно
EPSS
6.5 Medium
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
Связанные уязвимости
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.68, R6400v2 before 1.0.4.122, and R6700v3 before 1.0.4.122.
Уязвимость реализации функции oftwareBus_dispatchNormalEPMsgOut() модуля ядра KCodes NetUSB встроенного программного обеспечения Wi-Fi роутеров NETGEAR R6220, R6230, R6400v2, R6700v3, R7000, R7800, программного обеспечения повторителя NETGEAR EX8000, EX6200v2, программного обеспечения DSL-модема D7800, позволяющая нарушителю выполнить произвольный код
EPSS
6.5 Medium
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2