CVE-2020-28373 Information

Description

upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75 R6400 V1.0.1.62_1.0.41 R7000P V1.3.2.126_10.1.66 XR300 V1.0.3.50_10.3.36 R8000 V1.0.4.62 R8300 V1.0.2.136 R8500 V1.0.2.136 R7300DST V1.0.0.74 R7850 V1.0.5.64 R7900 V1.0.4.30 RAX20 V1.0.2.64 RAX80 V1.0.3.102 and R6250 V1.0.4.44.

Reference

https://github.com/cpeggg/Netgear-upnpd-poc