N/A

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the acsd service, which listens on TCP port 5916 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9853.

N/A

栈缓冲区溢出

NETGEAR R6700 缓冲区错误漏洞

NETGEAR R6700是美国网件（NETGEAR）公司的一款无线路由器。TCP（Transmission Control Protocol,传输控制协议）是一种面向连接的、可靠的、基于字节流的传输层通信协议，由IETF的RFC 793定义。 使用V1.0.4.84_10.0.58版本固件的NETGEAR R6700中的acsd服务存在缓冲区错误漏洞，该漏洞源于程序在将用户提交的数据复制到基于栈的固定缓冲区时，没有正确验证该数据的长度。攻击者可利用该漏洞在管理员用户的上下文中执行代码。

N/A

N/A