Lucene search

ZdiCVELIST:CVE-2020-27861

HistoryFeb 11, 2021 - 11:35 p.m.

CVE-2020-27861

2021-02-1123:35:36

CWE-78

zdi

www.cve.org

netgear orbi

arbitrary code execution

authentication bypass

ua_parser utility

dhcp request

root context

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

49.5%

JSON

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.

CNA Affected

[
  {
    "product": "Orbi",
    "vendor": "NETGEAR",
    "versions": [
      {
        "status": "affected",
        "version": "2.5.1.16"
      }
    ]
  }
]

References

kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems

www.zerodayinitiative.com/advisories/ZDI-20-1430/

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

49.5%

JSON

Related for CVELIST:CVE-2020-27861