Unrated severityNVD Advisory· Published Nov 1, 2020· Updated Aug 4, 2024
CVE-2020-28041
CVE-2020-28041
Description
The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs because the ALG takes action based on an IP packet with an initial REGISTER substring in the TCP data, and the correct intranet IP address in the subsequent Via header, without properly considering that connection progress and fragmentation affect the meaning of the packet data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- NETGEAR/Nighthawk R7000description
- Range: = 1.0.9.64_10.2.64
Patches
Vulnerability mechanics
References
4- news.ycombinator.com/itemmitrex_refsource_MISC
- news.ycombinator.com/itemmitrex_refsource_MISC
- psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0024mitrex_refsource_CONFIRM
- samy.pl/slipstream/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.