CVE-2020-15634

Name: CVE-2020-15634
Creator: NVD / NIST
Published: 2020-08-20T01:17:13.163+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.3/10EPSS 1.39%

Last modified Jun 17, 2026

CVE-2020-15634 is a medium-severity vulnerability rated 6.3/10 on the CVSS scale. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. EPSS estimates a 1.39% chance of exploitation in the next 30 days.

Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9755.

Metrics

CVSS 3.1

6.3/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Probability

1.39%

68.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-134

Affected Software

Vendor	Product	Versions
Netgear	R6700 Firmware	< 1.0.4.98

References

https://kb.netgear.com/000062126/Security-Advisory-for-Pre-Authentication-Command-Injection-on-R6700v3-PSV-2020-0189Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-935/Third Party Advisory, VDB Entry
https://kb.netgear.com/000062126/Security-Advisory-for-Pre-Authentication-Command-Injection-on-R6700v3-PSV-2020-0189Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-935/Third Party Advisory, VDB Entry

Timeline

Published: Aug 20, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-15634?

How severe is CVE-2020-15634?

CVE-2020-15634 has a CVSS score of 6.3/10 (MEDIUM severity). The EPSS model estimates a 1.39% probability of exploitation in the next 30 days.

How do I fix CVE-2020-15634?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-15634?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST