CVE-2020-27337

7.3 HIGH

📋 TL;DR

CVE-2020-27337 is an improper input validation vulnerability in Treck's IPv6 stack that allows unauthenticated remote attackers to trigger an out-of-bounds write via network access. This can lead to denial of service or potentially remote code execution. Any system using affected versions of Treck's TCP/IP stack is vulnerable.

💻 Affected Systems

Products:
  • Treck TCP/IP Stack
  • Products embedding Treck TCP/IP Stack
Versions: IPv6 component before version 6.0.1.68
Operating Systems: Any OS using affected Treck stack (embedded systems, IoT devices, network equipment)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects any system with IPv6 enabled using vulnerable Treck stack versions. Many embedded devices and network equipment use this stack.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise and potential lateral movement within the network.

🟠 Likely Case: Denial of service causing system crashes, reboots, or instability of network services.

🟢 If Mitigated: Limited to denial of service with proper network segmentation and intrusion prevention systems.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation via network packets makes internet-facing systems prime targets.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable but require attacker presence on the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious IPv6 packets but doesn't require authentication. No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.0.1.68 or later

Vendor Advisory: https://treck.com/vulnerability-response-information/

Restart Required: Yes

Instructions:

1. Contact Treck or your device vendor for updated firmware/software.
2. Apply patch version 6.0.1.68 or later.
3. Reboot affected systems.
4. Verify patch installation.

🔧 Temporary Workarounds

Disable IPv6 (all)

Disable IPv6 functionality if not required for operations. System-specific commands vary by OS/device.

Network Segmentation (all)

Segment affected devices from untrusted networks.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable devices
  • Deploy intrusion prevention systems to detect and block malicious IPv6 traffic

🔍 How to Verify

Check if Vulnerable:

Check Treck stack version in device firmware/software documentation or vendor advisories

Check Version:

Device-specific - consult vendor documentation

Verify Fix Applied:

Verify Treck stack version is 6.0.1.68 or later after patching
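
The version check above, sketched as an added example (not vendor or Treck code). It compares dotted versions numerically, since a plain string comparison would rank 6.0.1.9 above 6.0.1.68. It assumes the device inventory reports the Treck stack version as a dotted number; the host names and inventory entries are constructed.

```python
import re

# First fixed version of the Treck IPv6 component, as stated on this page.
FIXED = (6, 0, 1, 68)


def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if it is not one."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(version_text):
    """Classify one reported version as 'fixed', 'vulnerable' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        # Missing or free-text versions need manual review, not a guess.
        return "unknown"
    width = max(len(version), len(FIXED))
    padded = version + (0,) * (width - len(version))
    fixed = FIXED + (0,) * (width - len(FIXED))
    return "fixed" if padded >= fixed else "vulnerable"


def triage(inventory):
    """Group (host, version) pairs by patch status."""
    result = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, version_text in inventory:
        result[classify(version_text)].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = [
    ("printer-01", "6.0.1.9"),   # numerically below 6.0.1.68
    ("plc-07", "6.0.1.68"),
    ("ups-02", "6.0.1.67"),
    ("cam-11", "6.0.2"),
    ("hvac-03", "unknown"),
    ("gw-05", ""),
]

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Devices that land in the unknown group usually expose only a vendor firmware version, which has to be mapped to the embedded Treck version through the device vendor's advisory.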

📡 Detection & Monitoring

Log Indicators:

  • System crashes, reboots, or abnormal termination of network services
  • Memory corruption errors in system logs

Network Indicators:

  • Malformed IPv6 packets targeting vulnerable systems
  • Unusual IPv6 traffic patterns

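SIEM Query (generic template; map the field names and the external_ips, vulnerable_devices and normal_range placeholders to your SIEM's schema and baselines):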

source_ip IN (external_ips) AND dest_ip IN (vulnerable_devices) AND protocol=ipv6 AND packet_size>normal_range
