Vulnerability Details CVE-2020-28373
upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136, R8500 V1.0.2.136, R7300DST V1.0.0.74, R7850 V1.0.5.64, R7900 V1.0.4.30, RAX20 V1.0.2.64, RAX80 V1.0.3.102, and R6250 V1.0.4.44.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 8.3
Products affected by CVE-2020-28373
-
cpe:2.3:h:netgear:r6250:-
-
cpe:2.3:h:netgear:r6400:-
-
cpe:2.3:h:netgear:r6400v2:-
-
cpe:2.3:h:netgear:r7000p:-
-
cpe:2.3:h:netgear:r7300dst:-
-
cpe:2.3:h:netgear:r7850:-
-
cpe:2.3:h:netgear:r7900:-
-
cpe:2.3:h:netgear:r8000:-
-
cpe:2.3:h:netgear:r8300:-
-
cpe:2.3:h:netgear:r8500:-
-
cpe:2.3:h:netgear:rax20:-
-
cpe:2.3:h:netgear:rax80:-
-
cpe:2.3:h:netgear:xr300:-
-
cpe:2.3:o:netgear:r6250_firmware:1.0.4.44
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.62_1.0.41
-
cpe:2.3:o:netgear:r6400v2_firmware:1.0.4.102_10.0.75
-
cpe:2.3:o:netgear:r7000p_firmware:1.3.2.126_10.1.66
-
cpe:2.3:o:netgear:r7300dst_firmware:1.0.0.74
-
cpe:2.3:o:netgear:r7850_firmware:1.0.5.64
-
cpe:2.3:o:netgear:r7900_firmware:1.0.4.30
-
cpe:2.3:o:netgear:r8000_firmware:1.0.4.62
-
cpe:2.3:o:netgear:r8300_firmware:1.0.2.136
-
cpe:2.3:o:netgear:r8500_firmware:1.0.2.136
-
cpe:2.3:o:netgear:rax20_firmware:1.0.2.64
-
cpe:2.3:o:netgear:rax80_firmware:1.0.3.102
-
cpe:2.3:o:netgear:xr300_firmware:1.0.3.50_10.3.36