Lucene search

[email protected]NVD:CVE-2020-27861

HistoryFeb 12, 2021 - 12:15 a.m.

CVE-2020-27861

2021-02-1200:15:12

CWE-78

[email protected]

web.nvd.nist.gov

vulnerability

netgear orbi

arbitrary code execution

ua_parser

system call

dhcp request

root context

zdi-can-11076

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

49.5%

JSON

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.

Affected configurations

Nvd

Node

netgearcbk40Match-

AND

netgearcbk40_firmwareRange<2.6.1.38

Node

netgearcbk43Match-

AND

netgearcbk43_firmwareRange<2.6.1.38

Node

netgearcbr40Match-

AND

netgearcbr40_firmwareRange<2.6.1.38

Node

netgearex6200Matchv2

AND

netgearex6200_firmwareRange<1.0.1.82

Node

netgearex7700Match-

AND

netgearex7700_firmwareRange<1.0.0.210

Node

netgearex8000Match-

AND

netgearex8000_firmwareRange<1.0.1.224

Node

netgearrbk12Match-

AND

netgearrbk12_firmwareRange<2.6.1.44

Node

netgearrbk13Match-

AND

netgearrbk13_firmwareRange<2.6.1.44

Node

netgearrbk14_firmwareRange<2.6.1.44

AND

netgearrbk14Match-

Node

netgearrbk15_firmwareRange<2.6.1.44

AND

netgearrbk15Match-

Node

netgearrbr10_firmwareRange<2.6.1.44

AND

netgearrbr10Match-

Node

netgearrbs10_firmwareRange<2.6.1.44

AND

netgearrbs10Match-

Node

netgearrbk20w_firmwareRange<2.6.1.36

AND

netgearrbk20wMatch-

Node

netgearrbk23w_firmwareRange<2.6.1.36

AND

netgearrbk23wMatch-

Node

netgearrbk20_router_firmwareRange<2.6.1.36

netgearrbk20_satellite_firmwareRange<2.6.1.38

AND

netgearrbk20Match-

Node

netgearrbk22_router_firmwareRange<2.6.1.36

netgearrbk22_satellite_firmwareRange<2.6.1.38

AND

netgearrbk22Match-

Node

netgearrbk23_router_firmwareRange<2.6.1.36

netgearrbk23_satellite_firmwareRange<2.6.1.38

AND

netgearrbk23Match-

Node

netgearrbr20_firmwareRange<2.6.1.36

AND

netgearrbr20Match-

Node

netgearrbs20_firmwareRange<2.6.1.38

AND

netgearrbs20Match-

Node

netgearrbk30_firmwareRange<2.6.1.36

AND

netgearrbk30Match-

Node

netgearrbk33_firmwareRange<2.6.1.36

AND

netgearrbk33Match-

Node

netgearrbk40_router_firmwareRange<2.6.1.36

netgearrbk40_satellite_firmwareRange<2.6.1.38

AND

netgearrbk40Match-

Node

netgearrbk43_router_firmwareRange<2.6.1.36

netgearrbk43_satellite_firmwareRange<2.6.1.38

AND

netgearrbk43Match-

Node

netgearrbk43s_router_firmwareRange<2.6.1.36

netgearrbk43s_satellite_firmwareRange<2.6.1.38

AND

netgearrbk43sMatch-

Node

netgearrbk44_router_firmwareRange<2.6.1.36

netgearrbk44_satellite_firmwareRange<2.6.1.38

AND

netgearrbk44Match-

Node

netgearrbr40_firmwareRange<2.6.1.36

AND

netgearrbr40Match-

Node

netgearrbs40_firmwareRange<2.6.1.38

AND

netgearrbs40Match-

Node

netgearrbk50_firmwareRange<2.6.1.40

AND

netgearrbk50Match-

Node

netgearrbk50v_firmwareRange<2.6.1.40

AND

netgearrbk50vMatch-

Node

netgearrbk52w_firmwareRange<2.6.1.40

AND

netgearrbk52wMatch-

Node

netgearrbr50_firmwareRange<2.6.1.40

AND

netgearrbr50Match-

Node

netgearrbs50_firmwareRange<2.6.1.40

AND

netgearrbs50Match-

VendorProductVersionCPE
netgearcbk40-cpe:2.3:h:netgear:cbk40:-:*:*:*:*:*:*:*
netgearcbk40_firmware*cpe:2.3:o:netgear:cbk40_firmware:*:*:*:*:*:*:*:*
netgearcbk43-cpe:2.3:h:netgear:cbk43:-:*:*:*:*:*:*:*
netgearcbk43_firmware*cpe:2.3:o:netgear:cbk43_firmware:*:*:*:*:*:*:*:*
netgearcbr40-cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*
netgearcbr40_firmware*cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*
netgearex6200v2cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*
netgearex6200_firmware*cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*
netgearex7700-cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*
netgearex7700_firmware*cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	cbk40	-	cpe:2.3:h:netgear:cbk40:-:::::::*
netgear	cbk40_firmware	*	cpe:2.3:o:netgear:cbk40_firmware::::::::
netgear	cbk43	-	cpe:2.3:h:netgear:cbk43:-:::::::*
netgear	cbk43_firmware	*	cpe:2.3:o:netgear:cbk43_firmware::::::::
netgear	cbr40	-	cpe:2.3:h:netgear:cbr40:-:::::::*
netgear	cbr40_firmware	*	cpe:2.3:o:netgear:cbr40_firmware::::::::
netgear	ex6200	v2	cpe:2.3:h:netgear:ex6200:v2:::::::*
netgear	ex6200_firmware	*	cpe:2.3:o:netgear:ex6200_firmware::::::::
netgear	ex7700	-	cpe:2.3:h:netgear:ex7700:-:::::::*
netgear	ex7700_firmware	*	cpe:2.3:o:netgear:ex7700_firmware::::::::

Rows per page:

1-10 of 711

References

kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems

www.zerodayinitiative.com/advisories/ZDI-20-1430/

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

49.5%

JSON

Related for NVD:CVE-2020-27861

cve1 cvelist1 zdi1 prion1