How severe is CVE-2020-10929?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2020-10929?

This is classified as CWE-680, which is a common weakness in software security.

CVE-2020-10929

HIGH Year: 2020

CVSS v3 Score

8.8

High

CVSS v2 Score

8.3

High

Weakness Type

CWE-680

View all →

Vulnerability Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9768.

CVE-2019-5087

HIGH

CVSS:8.8(High)

An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools 1.0.7. An integer overflow can occur while calculating the row...

CWE-6802019

CVE-2020-6099

HIGH

CVSS:8.8(High)

An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer 2019.2.2328. A specially crafted file can cause a heap buffer overflow res...

CWE-6802020

CVE-2020-6116

HIGH

CVSS:8.8(High)

An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colors...

CWE-6802020

CVE-2021-21834

HIGH

CVSS:8.8(High)

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the...

CWE-6802021