CVE-2020-10927

HIGH Year: 2020
CVSS v3 Score
7.5
High
CVSS v2 Score
8.3
High
Weakness Type
CWE-327
View all →

Vulnerability Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the encryption of firmware update images. The issue results from the use of an inappropriate encryption algorithm. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9649.

Related Vulnerabilities

CVE-2002-2058

HIGH
CVSS:7.5(High)

TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash...

CWE-3272002

CVE-2005-2946

HIGH
CVSS:7.5(High)

The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certif...

CWE-3272005

CVE-2007-4150

HIGH
CVSS:7.5(High)

The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information ...

CWE-3272007

CVE-2008-3188

HIGH
CVSS:7.5(High)

libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords.

CWE-3272008

CVE-2012-5623

HIGH
CVSS:7.5(High)

Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords.

CWE-3272012

CVE-2015-0226

HIGH
CVSS:7.5(High)

Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to...

CWE-3272015