Netgear R8300 upnpd 未授权远程代码执行漏洞

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

**SSD Advisory – Netgear Nighthawk R8300 upnpd PreAuth RCE** August 18, 2020 [SSD Disclosure / Noam Rathaus](https://ssd-disclosure.com/author/noamr/) [Uncategorized](https://ssd-disclosure.com/category/uncategorized/) **TL;DR** Find out how we exploited an unauthenticated Netgear Nighthawk R8300 vulnerability and gained root access to the device. **Vulnerability Summary** The Nighthawk X8 AC5000 (R8300) router released in 2014, is a popular device sold by Netgear with almost 2000 positive reviews on Amazon. A vulnerability in the way the R8300 handles UPNP packets allows unauthenticated attackers to cause the device to overflow an internal buffer and execute arbitrary code with the privileges of the ‘root’ user. **Credit** An independent Security Researcher has reported this vulnerability to SSD Secure Disclosure program. **Affected Systems** Netgear Nighthawk R8300 running firmware versions prior to 1.0.2.134 **Vendor Response** The vendor has released a patch and an advisory:...

0%
暂无可用Exp或PoC
当前有0条受影响产品信息