CVE-2020-28373
HIGHNETGEAR Multiple Router Models Firmware - Remote Code Execution via UPnP Stack Buffer Overflow
Title source: llmDescription
upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136, R8500 V1.0.2.136, R7300DST V1.0.0.74, R7850 V1.0.5.64, R7900 V1.0.4.30, RAX20 V1.0.2.64, RAX80 V1.0.3.102, and R6250 V1.0.4.44.
References (1)
Core 1
Core References
Broken Link, Third Party Advisory x_refsource_misc
https://github.com/cpeggg/Netgear-upnpd-poc
Scores
CVSS v3
8.8
EPSS
0.0011
EPSS Percentile
28.9%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (13)
netgear/r6250_firmware
1.0.4.44
netgear/r6400_firmware
1.0.1.62_1.0.41
netgear/r6400v2_firmware
1.0.4.102_10.0.75
netgear/r7000p_firmware
1.3.2.126_10.1.66
netgear/r7300dst_firmware
1.0.0.74
netgear/r7850_firmware
1.0.5.64
netgear/r7900_firmware
1.0.4.30
netgear/r8000_firmware
1.0.4.62
netgear/r8300_firmware
1.0.2.136
netgear/r8500_firmware
1.0.2.136
... and 3 more
Published
Nov 09, 2020
Tracked Since
Feb 18, 2026