PT-2020-14415 · NetGear · Netgear R6700
D4Rkn3Ss · Published 2020-07-28 · Updated 2020-07-30 · CVE-2020-15416
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
NETGEAR R6700 version 1.0.4.84 10.0.58
Description
This issue allows network-adjacent attackers to bypass authentication on affected installations. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this to execute code in the context of root.
Recommendations
For NETGEAR R6700 version 1.0.4.84 10.0.58, consider restricting access to the httpd service until a patch is available. As a temporary workaround, limiting the input data length to prevent buffer overflow may help mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Stack Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Netgear R6700