N/A

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9755.

N/A

使用外部控制的格式字符串

NETGEAR R6700 格式化字符串错误漏洞

NETGEAR R6700是美国网件（NETGEAR）公司的一款无线路由器。 使用1.0.4.84_10.0.58版本固件的NETGEAR R6700中存在格式化字符串错误漏洞，该漏洞源于在使用用户提交的字符串之前，程序没有正确验证该字符串。攻击者可利用该漏洞在Wen服务器的上下文中执行任意代码。

N/A

N/A