CVE-2020-28373

Name of the Vulnerable Software and Affected Versions NETGEAR R6400v2 version 1.0.4.102 10.0.75 NETGEAR R6400 version 1.0.1.62 1.0.41 NETGEAR R7000P version 1.3.2.126 10.1.66 NETGEAR XR300 version 1.0.3.50 10.3.36 NETGEAR R8000 version 1.0.4.62 NETGEAR R8300 version 1.0.2.136 NETGEAR R8500 version 1.0.2.136 NETGEAR R7300DST version 1.0.0.74 NETGEAR R7850 version 1.0.5.64 NETGEAR R7900 version 1.0.4.30 NETGEAR RAX20 version 1.0.2.64 NETGEAR RAX80 version 1.0.3.102 NETGEAR R6250 version 1.0.4.44

Description The upnpd service on certain NETGEAR devices allows remote attackers to execute arbitrary code via a stack-based buffer overflow. This issue can be exploited by attackers on the local area network (LAN).

Recommendations For NETGEAR R6400v2 version 1.0.4.102 10.0.75, update to a newer version that contains a fix for this issue. For NETGEAR R6400 version 1.0.1.62 1.0.41, update to a newer version that contains a fix for this issue. For NETGEAR R7000P version 1.3.2.126 10.1.66, update to a newer version that contains a fix for this issue. For NETGEAR XR300 version 1.0.3.50 10.3.36, update to a newer version that contains a fix for this issue. For NETGEAR R8000 version 1.0.4.62, update to a newer version that contains a fix for this issue. For NETGEAR R8300 version 1.0.2.136, update to a newer version that contains a fix for this issue. For NETGEAR R8500 version 1.0.2.136, update to a newer version that contains a fix for this issue. For NETGEAR R7300DST version 1.0.0.74, update to a newer version that contains a fix for this issue. For NETGEAR R7850 version 1.0.5.64, update to a newer version that contains a fix for this issue. For NETGEAR R7900 version 1.0.4.30, update to a newer version that contains a fix for this issue. For NETGEAR RAX20 version 1.0.2.64, update to a newer version that contains a fix for this issue. For NETGEAR RAX80 version 1.0.3.102, update to a newer version that contains a fix for this issue. For NETGEAR R6250 version 1.0.4.44, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.