CVE-2020-15636

HIGH Year: 2020
CVSS v3 Score
8.1
High
CVSS v2 Score
10.0
Critical
Weakness Type
CWE-121
View all →

Vulnerability Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the check_ra service. A crafted raePolicyVersion in a RAE_Policy.json file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9852.

Related Vulnerabilities

CVE-2019-19333

HIGH
CVSS:8.1(High)

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrus...

CWE-1212019

CVE-2019-19334

HIGH
CVSS:8.1(High)

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse...

CWE-1212019

CVE-2020-25854

HIGH
CVSS:8.1(High)

The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt...

CWE-1212020

CVE-2020-25855

HIGH
CVSS:8.1(High)

The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, result...

CWE-1212020

CVE-2020-25856

HIGH
CVSS:8.1(High)

The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operatio...

CWE-1212020

CVE-2021-21540

HIGH
CVSS:8.1(High)

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration infor...

CWE-1212021