cpeggg / Netgear-upnpd-poc

Netgear upnpd SSDP request processing stack overflow PoC

Netgear-upnpd-poc

Stack overflow in Netgear upnpd request processing.

Any user on the LAN can achieve remote code execution. This vulnerability currently affects the latest R, RAX and XR series, including R6400v2(V1.0.4.102_10.0.75), R6400(V1.0.1.62_1.0.41), R7000P(V1.3.2.126_10.1.66), XR300(V1.0.3.50_10.3.36), R8000(V1.0.4.62), R8300(V1.0.2.136), R8500(V1.0.2.136), R7300DST(V1.0.0.74), R7850(V1.0.5.64), R7900(V1.0.4.30), RAX20(V1.0.2.64), RAX80(V1.0.3.102) and R6250(V1.0.4.44). We believe many more models are affected by this vulnerability.

Vulnerability description

This vulnerability occurs when upnpd receives and processes a specific message and copies the user data into a stack buffer. Attackers can exploit this to get remote code execution.
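A bounded header copy that closes off this class of bug, as an added example that is not code from this repository or from Netgear's upnpd. The page does not say which field is copied; the `ST:` header, the 64-byte buffer and the function name `ssdp_get_header` are assumptions for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive match of the first n bytes of s against name. */
static int prefix_ci(const char *s, const char *name, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)name[i]))
            return 0;
    return 1;
}

/* Copy the value of header `name` from a datagram of `len` bytes into
 * out[cap]. Returns the value length, -1 if the header is absent or its
 * line is unterminated, -2 if the value does not fit (drop the request). */
int ssdp_get_header(const char *pkt, size_t len, const char *name,
                    char *out, size_t cap)
{
    size_t nlen = strlen(name);
    const char *p = pkt, *end = pkt + len;
    while (p < end) {
        const char *eol = memchr(p, '\n', (size_t)(end - p));
        if (eol == NULL)
            return -1;
        if ((size_t)(eol - p) >= nlen && prefix_ci(p, name, nlen)) {
            const char *v = p + nlen, *ve = eol;
            if (ve > v && ve[-1] == '\r') ve--;     /* strip CR of CRLF */
            while (v < ve && (*v == ' ' || *v == '\t'))
                v++;                                /* skip leading blanks */
            if ((size_t)(ve - v) >= cap)
                return -2;          /* reject; never truncate or overrun */
            memcpy(out, v, (size_t)(ve - v));
            out[ve - v] = '\0';
            return (int)(ve - v);
        }
        p = eol + 1;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample request, not captured traffic. */
    const char req[] = "M-SEARCH * HTTP/1.1\r\nST: ssdp:all\r\n\r\n";
    char st[64];                    /* assumed fixed-size stack buffer */
    int n = ssdp_get_header(req, sizeof req - 1, "ST:", st, sizeof st);
    printf("%d %s\n", n, n >= 0 ? st : "(rejected)");
    return 0;
}
```

The length check happens before any byte is written, so an oversized value is rejected as a whole instead of being cut to fit.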

PoC

Refer to this video: pov.mkv

Timeline

2020.11.9: reported to CVE and Netgear

CVE ID

CVE-2020-28373

Acknowledgment

Credit to @peanuts, @leonW7 and @cpegg from Technology Research Institute of Legendsec at Qi'anxin Group.
