Executive Summary
Summary | |
---|---|
Title | Netgear httpd upgrade_check.cgi stack buffer overflow |
Informations | |||
---|---|---|---|
Name | VU#576779 | First vendor Publication | 2020-06-26 |
Vendor | VU-CERT | Last vendor Modification | 2020-06-26 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | N/A | Attack Range | N/A |
Cvss Impact Score | N/A | Attack Complexity | N/A |
Cvss Expoit Score | N/A | Authentication | N/A |
Calculate full CVSS 2.0 Vectors scores |
Detail
OverviewMultiple Netgear devices contain a stack buffer overflow in the httpd web server's handling of upgrade_check.cgi, which may allow for unauthenticated remote code execution with root privileges. DescriptionMany Netgear devices contain an embedded web server, which is provided by the httpd process, to provide administrative capabilities. On multiple Netgear devices, this code fails to properly validate the header size provided to the upgrade_check.cgi handler. Despite copying the header to a fixed-size buffer on the stack, the vulnerable code copies an attacker-provided count of bytes from attacker-provided data. This allows for remote code execution by way of stack buffer overflow. This vulnerability is exacerbated by a number of issues:
Exploit code that targets 79 different Netgear devices is publicly available. ImpactBy convincing a user to visit a malicious or compromised website, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable device with root privileges. SolutionApply an updateNetgear has provided updates for several vulnerable devices. Note that Netgear does not indicate when devices have reached an end of life (EOL) state. This may be difficult to determine if a vulnerable device may receive an update in the future. The CERT/CC has made a spreadsheet to more clearly indicate which devices have updates, and which devices may either be receiving an update in the future, or may possibly be unsupported. As outlined in the blog post It's Time to Retire Your Unsupported Things, you should factor the vendor's support life span into purchasing decisions. Vendors that indicate how long products will be supported should be preferred over those that do not clearly indicate how long a device will be supported. Similarly, vendors that clearly indicate when a product has reached EOL state should be preferred over vendors that do not. AcknowledgementsThis vulnerability was publicly disclosed by ZDI, who in turn credit d4rkn3ss from VNPT ISC. Additional analysis was provided by GRIMM. This document was written by Will Dormann. |
Original Source
Url : https://kb.cert.org/vuls/id/576779 |
Alert History
Date | Informations |
---|---|
2020-06-27 00:17:28 |
|