{"containers": {"cna": {"affected": [{"product": "Orbi", "vendor": "NETGEAR", "versions": [{"status": "affected", "version": "2.5.1.16"}]}], "credits": [{"lang": "en", "value": "Shaunak Mirani"}], "descriptions": [{"lang": "en", "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-12T13:50:22.000Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1430/"}, {"tags": ["x_refsource_MISC"], "url": "https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "zdi-disclosures@trendmicro.com", "ID": "CVE-2020-27861", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Orbi", "version": {"version_data": [{"version_value": "2.5.1.16"}]}}]}, "vendor_name": "NETGEAR"}]}}, "credit": "Shaunak Mirani", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076."}]}, "impact": {"cvss": {"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}]}, "references": {"reference_data": [{"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1430/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1430/"}, {"name": "https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems", "refsource": "MISC", "url": "https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:25:43.503Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1430/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems"}]}]}, "cveMetadata": {"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2020-27861", "datePublished": "2021-02-11T23:35:36.000Z", "dateReserved": "2020-10-27T00:00:00.000Z", "dateUpdated": "2024-08-04T16:25:43.503Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:cbk40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DA0F1EB-D7F3-466B-BE3F-0600C4120870", "versionEndExcluding": "2.6.1.38", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:cbk40:-:*:*:*:*:*:*:*", "matchCriteriaId": "E526746E-1ED6-492E-B28C-A1CA8235D9FD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:cbk43_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A41A8FB-9891-4553-BD1E-BB11D904D774", "versionEndExcluding": "2.6.1.38", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:cbk43:-:*:*:*:*:*:*:*", "matchCriteriaId": "582259CB-2616-4A3F-A9B6-C44640C00B11", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C9B6DD4-11E1-496F-909F-0A50203A8D01", "versionEndExcluding": "2.6.1.38", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE0F7E9E-196C-4106-B1C9-C16FA5910A0F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFB377D0-AF61-4A9F-B9B5-71F68B13E081", "versionEndExcluding": "1.0.1.82", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*", "matchCriteriaId": "B4F62287-CB55-4FB1-AA39-62018654BA39", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6566C37A-252E-4301-952E-5C6F19F42326", "versionEndExcluding": "1.0.0.210", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D140E3B-9AE5-473A-82DE-9B9DBAE4C34A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "456DA66C-6B99-4D0D-8F32-952905F9C752", "versionEndExcluding": "1.0.1.224", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", "matchCriteriaId": "8D9781C9-799A-4BDA-A027-987627A01633", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EC30751-F447-45A7-8C57-B73042869EA5", "versionEndExcluding": "2.6.1.44", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5465A78-4826-4F72-9CBE-528CBF286A79", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E7758BF-0AE4-46DB-A014-734F68AEEAA0", "versionEndExcluding": "2.6.1.44", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*", "matchCriteriaId": "783EEEE0-BB9A-4C54-82B2-046B1033091C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7CD38DB-B4A3-460E-8F89-E85A0E0F5BD3", "versionEndExcluding": "2.6.1.44", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*", "matchCriteriaId": "4CD91050-5FE0-4810-8E6F-EF9B9B2F02E9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E25990D-C38A-44E7-A301-AB9E80A9D5CA", "versionEndExcluding": "2.6.1.44", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*", "matchCriteriaId": "B801EC38-5B86-49F2-AB81-63F0F07A9BBE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8246B8D3-8455-43B1-B0FA-F677B8FF84F5", "versionEndExcluding": "2.6.1.44", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "28DA498C-B466-422E-BAD2-A1F9A15B157F", "versionEndExcluding": "2.6.1.44", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", "matchCriteriaId": "32BAB5C0-F645-4A90-833F-6345335FA1AF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk20w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "78B13562-D83E-4FDB-9EFF-CA9178487F6D", "versionEndExcluding": "2.6.1.36", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk20w:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCD3D5A1-AD84-448C-9749-6E6050BC7BD5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk23w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AF75EFB-3A9E-49C8-AC78-62E85A565BA5", "versionEndExcluding": "2.6.1.36", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk23w:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1922BDC-5675-40D6-ACB1-DA37CE29E983", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk20_router_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CC4CE9F-0BE6-411B-88DA-B556BF176A03", "versionEndExcluding": "2.6.1.36", "vulnerable": true}, {"criteria": "cpe:2.3:o:netgear:rbk20_satellite_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D00E9E02-41D7-449E-990E-B6D77E257C66", "versionEndExcluding": "2.6.1.38", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6C9F31C-3E12-4787-9C9B-14883D9D152A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk22_router_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBEC1C34-0D1B-4F04-972B-631C5D4C949B", "versionEndExcluding": "2.6.1.36", "vulnerable": true}, {"criteria": "cpe:2.3:o:netgear:rbk22_satellite_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "441F02E6-28B8-4370-AFE0-CC0AC7BAE468", "versionEndExcluding": "2.6.1.38", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk22:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E1BA765-5318-4A96-885D-3078148A74E4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk23_router_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5679C75-E6C0-42A3-8F0C-AB01E521C654", "versionEndExcluding": "2.6.1.36", "vulnerable": true}, {"criteria": "cpe:2.3:o:netgear:rbk23_satellite_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F03405C-03F0-4519-AB67-DF130B2F6A58", "versionEndExcluding": "2.6.1.38", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*", "matchCriteriaId": "17D7D346-6F52-4473-A4EA-6059C177BF0F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C80BEFF8-7094-4F21-B9E7-EE5C8B9DF3B3", "versionEndExcluding": "2.6.1.36", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "04F03BE5-1440-4BC4-B902-97E702ED0ADF", "versionEndExcluding": "2.6.1.38", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", "matchCriteriaId": "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C67589C-60B0-4E0C-8A96-B14ACCDA3530", "versionEndExcluding": "2.6.1.36", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk30:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC72B028-AB28-43FC-9675-60CC8BAC0D03", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk33_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "728792F6-E1F9-4091-A3B7-E14E38046887", "versionEndExcluding": "2.6.1.36", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk33:-:*:*:*:*:*:*:*", "matchCriteriaId": "69EEAF94-1853-49A7-979E-A72393C9D2BE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk40_router_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D0E7860-D090-4292-8695-6ADC62DBBF45", "versionEndExcluding": "2.6.1.36", "vulnerable": true}, {"criteria": "cpe:2.3:o:netgear:rbk40_satellite_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "126A1A8E-6D4F-487C-A6C0-D3EB2227373F", "versionEndExcluding": "2.6.1.38", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", "matchCriteriaId": "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk43_router_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA824C34-9C10-4267-8756-CAB2D6C059E1", "versionEndExcluding": "2.6.1.36", "vulnerable": true}, {"criteria": "cpe:2.3:o:netgear:rbk43_satellite_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AE23B04-F203-43A4-AEFB-7B97C27AE8D9", "versionEndExcluding": "2.6.1.38", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC2B9C48-9FE6-462B-88EE-046F15E66430", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk43s_router_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "90F559B5-D5B4-4A64-8739-9A085A648A3E", "versionEndExcluding": "2.6.1.36", "vulnerable": true}, {"criteria": "cpe:2.3:o:netgear:rbk43s_satellite_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BEB1817-8191-407B-97B2-3D93BCCB4184", "versionEndExcluding": "2.6.1.38", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5604E66-E9CC-4B78-AF6A-2341B30E3594", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk44_router_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "71232620-E9DE-4227-B531-685BB33BF3AC", "versionEndExcluding": "2.6.1.36", "vulnerable": true}, {"criteria": "cpe:2.3:o:netgear:rbk44_satellite_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "08102CF5-1CB9-4839-84F9-54233F4B1F09", "versionEndExcluding": "2.6.1.38", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*", "matchCriteriaId": "1924FC8B-4031-4EA3-B214-AF6F77D94654", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E21623E-9977-486F-93B1-858FC407E9D1", "versionEndExcluding": "2.6.1.36", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9E20E59-2B1E-4E43-A494-2C20FD716D4F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A32769CF-7D0A-4A3F-AF20-6202CA0C6870", "versionEndExcluding": "2.6.1.38", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FDCDE39-0355-43B9-BF57-F3718DA2988D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0E3BFCB-BFF8-4722-BE48-5FA93CACD3AD", "versionEndExcluding": "2.6.1.40", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", "matchCriteriaId": "8BA66D07-D017-49D6-8E72-5C48E940DE1B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk50v_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5540756-07E2-463E-8B45-87A1FEEE0B1D", "versionEndExcluding": "2.6.1.40", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk50v:-:*:*:*:*:*:*:*", "matchCriteriaId": "54453B5D-4E51-4DAB-8670-5A99C0D4CE3E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk52w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "426AA184-3B9E-42AF-85E2-F034D7E9B845", "versionEndExcluding": "2.6.1.40", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk52w:-:*:*:*:*:*:*:*", "matchCriteriaId": "B6FABBC7-5C16-4630-8185-AADF3A9D6E69", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "39D6318D-F5A2-4469-B508-075F2825F0FA", "versionEndExcluding": "2.6.1.40", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F44708A-C946-4E0F-9D6C-A91AFB4C9EF3", "versionEndExcluding": "2.6.1.40", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076."}, {"lang": "es", "value": "Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de los enrutadores NETGEAR Orbi versi\u00f3n 2.5.1.16. No es requerida una autenticaci\u00f3n para explotar esta vulnerabilidad. El fallo espec\u00edfico se presenta dentro de la utilidad UA_Parser. Una opci\u00f3n de nombre de host dise\u00f1ada en una petici\u00f3n DHCP puede desencadenar la ejecuci\u00f3n de una llamada de sistema compuesta a partir de una cadena suministrada por el usuario. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de root. Era ZDI-CAN-11076"}], "id": "CVE-2020-27861", "lastModified": "2024-11-21T05:21:57.107", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-12T00:15:12.500", "references": [{"source": "zdi-disclosures@trendmicro.com", "tags": ["Vendor Advisory"], "url": "https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems"}, {"source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1430/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1430/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}

{}