CVE-2020-27861 - OpenCVE

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netgear	Cbk40 Cbk40 Firmware Cbk43 Cbk43 Firmware Cbr40 Cbr40 Firmware Ex6200 Ex6200 Firmware Ex7700 Ex7700 Firmware Ex8000 Ex8000 Firmware Rbk12 Rbk12 Firmware Rbk13 Rbk13 Firmware Rbk14 Rbk14 Firmware Rbk15 Rbk15 Firmware Rbk20 Rbk20 Router Firmware Rbk20 Satellite Firmware Rbk20w Rbk20w Firmware Rbk22 Rbk22 Router Firmware Rbk22 Satellite Firmware Rbk23 Rbk23 Router Firmware Rbk23 Satellite Firmware Rbk23w Rbk23w Firmware Rbk30 Rbk30 Firmware Rbk33 Rbk33 Firmware Rbk40 Rbk40 Router Firmware Rbk40 Satellite Firmware Rbk43 Rbk43 Router Firmware Rbk43 Satellite Firmware Rbk43s Rbk43s Router Firmware Rbk43s Satellite Firmware Rbk44 Rbk44 Router Firmware Rbk44 Satellite Firmware Rbk50 Rbk50 Firmware Rbk50v Rbk50v Firmware Rbk52w Rbk52w Firmware Rbr10 Rbr10 Firmware Rbr20 Rbr20 Firmware Rbr40 Rbr40 Firmware Rbr50 Rbr50 Firmware Rbs10 Rbs10 Firmware Rbs20 Rbs20 Firmware Rbs40 Rbs40 Firmware Rbs50 Rbs50 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:netgear:cbk40:-:*:*:*:*:*:*:*

cpe:2.3:o:netgear:cbk40_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:netgear:cbk43:-:*:*:*:*:*:*:*

cpe:2.3:o:netgear:cbk43_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*

cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*

cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*

cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*

cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*

cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*

cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:netgear:rbk20w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk20w:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:netgear:rbk23w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk23w:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

OR	cpe:2.3:o:netgear:rbk20_router_firmware::::::::
	cpe:2.3:o:netgear:rbk20_satellite_firmware::::::::

cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

OR	cpe:2.3:o:netgear:rbk22_router_firmware::::::::
	cpe:2.3:o:netgear:rbk22_satellite_firmware::::::::

cpe:2.3:h:netgear:rbk22:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

OR	cpe:2.3:o:netgear:rbk23_router_firmware::::::::
	cpe:2.3:o:netgear:rbk23_satellite_firmware::::::::

cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:netgear:rbk30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk30:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:netgear:rbk33_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk33:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

OR	cpe:2.3:o:netgear:rbk40_router_firmware::::::::
	cpe:2.3:o:netgear:rbk40_satellite_firmware::::::::

cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

OR	cpe:2.3:o:netgear:rbk43_router_firmware::::::::
	cpe:2.3:o:netgear:rbk43_satellite_firmware::::::::

cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

OR	cpe:2.3:o:netgear:rbk43s_router_firmware::::::::
	cpe:2.3:o:netgear:rbk43s_satellite_firmware::::::::

cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

OR	cpe:2.3:o:netgear:rbk44_router_firmware::::::::
	cpe:2.3:o:netgear:rbk44_satellite_firmware::::::::

cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:netgear:rbk50v_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk50v:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:netgear:rbk52w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk52w:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems
https://www.zerodayinitiative.com/advisories/ZDI-20-1430/

History

No history.

MITRE

Status: PUBLISHED

Assigner: zdi

Published: 2021-02-11T23:35:36

Updated: 2024-08-04T16:25:43.503Z

Reserved: 2020-10-27T00:00:00

Link: CVE-2020-27861

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-02-12T00:15:12.500

Modified: 2021-03-23T18:54:23.193

Link: CVE-2020-27861

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object