CVE-2020-27872 in R7450info

Zusammenfassung

von MITRE • 05.02.2021

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

27.10.2020

Veröffentlichung

05.02.2021

Moderieren

akzeptiert

Eintrag

VDB-169202

CPE

bereit

CWE

CWE-285 (bestätigt)

CVSS

6.3 (VulDB)

EPSS

0.00898

KEV

nein

Aktivitäten

very low

Sektor

Pharma, Education, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2020-27872
NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-27872
CVE Details	https://www.cvedetails.com/cve/CVE-2020-27872/

◂ Zurück Übersicht Weiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!