{"containers": {"cna": {"affected": [{"product": "R7450", "vendor": "NETGEAR", "versions": [{"status": "affected", "version": "1.2.0.62_1.0.1"}]}], "credits": [{"lang": "en", "value": "1sd3d of Viettel Cyber Security"}], "descriptions": [{"lang": "en", "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-642", "description": "CWE-642: External Control of Critical State Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-02-04T16:45:17.000Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-071/"}, {"tags": ["x_refsource_MISC"], "url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "zdi-disclosures@trendmicro.com", "ID": "CVE-2020-27872", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "R7450", "version": {"version_data": [{"version_value": "1.2.0.62_1.0.1"}]}}]}, "vendor_name": "NETGEAR"}]}}, "credit": "1sd3d of Viettel Cyber Security", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365."}]}, "impact": {"cvss": {"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-642: External Control of Critical State Data"}]}]}, "references": {"reference_data": [{"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-071/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-071/"}, {"name": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers", "refsource": "MISC", "url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:25:43.683Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-071/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"}]}]}, "cveMetadata": {"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2020-27872", "datePublished": "2021-02-04T16:45:17.000Z", "dateReserved": "2020-10-27T00:00:00.000Z", "dateUpdated": "2024-08-04T16:25:43.683Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AB0B236-6BC6-4E99-8792-6B01BD591D3A", "versionEndExcluding": "1.2.0.76", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*", "matchCriteriaId": "A80B06A1-81B5-4C33-89F6-EC3F6E3068B5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B01C772-D1D4-41F1-A33D-72A6A672502A", "versionEndExcluding": "1.2.0.76", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B25A18F-DD96-45FE-B098-71E60CB0FFFE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA359610-21DC-41C4-9430-8406B34490EB", "versionEndExcluding": "1.2.0.76", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*", "matchCriteriaId": "2BFCD9A8-1846-48C4-9F14-3866E983FB74", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0FCF958-2F6A-4B79-B307-2FE23B7CE8FC", "versionEndExcluding": "1.2.0.76", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*", "matchCriteriaId": "9F9706E6-CA53-43E4-91B0-D52655C86860", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA434604-4916-4830-A96B-CEC0C8E5A1A0", "versionEndExcluding": "1.2.0.76", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*", "matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E9457F1-F5E8-43CA-8697-3849E140B0CC", "versionEndExcluding": "1.2.0.76", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*", "matchCriteriaId": "2E8EB69B-6619-47B6-A073-D0B840D4EB0B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D95583A-EC79-41FF-9496-DAB19A1A34DB", "versionEndExcluding": "1.2.0.76", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FECB83F9-D417-4FD3-B293-87BC177E3AEB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "53B1B947-2E36-463C-848F-C5F5C0A5ECAF", "versionEndExcluding": "1.2.0.76", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*", "matchCriteriaId": "AFD1A65C-F10F-4C52-8B6D-69992E512EB5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A188F6E-5296-4511-97F2-9328B1E1F6CF", "versionEndExcluding": "1.2.0.76", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "33043216-4563-4195-88D7-93446302ECD1", "versionEndExcluding": "1.2.0.76", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E662BF37-5D81-4B9F-898E-F91B09821555", "versionEndExcluding": "1.1.0.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*", "matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CD4B6F1-E58F-4B96-BF51-729F59FA1C8B", "versionEndExcluding": "1.1.0.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*", "matchCriteriaId": "C91CADFA-59DB-4B6C-A914-848884F4A4BD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "33824B9B-1224-484A-AFF4-953573F299C6", "versionEndExcluding": "1.1.0.78", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBA2E978-FFF7-470D-90BA-4DBDC009B076", "versionEndExcluding": "1.1.0.78", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:*", "matchCriteriaId": "D621D26D-B144-424A-A9CB-19488399ACC1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2AE3CE4-23B0-467E-B522-A211048D6AF3", "versionEndExcluding": "1.1.0.78", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B302909-29CF-4E53-9CCB-8664D3FCB03A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "612DAD20-761D-41D5-A6AB-AA9975847D34", "versionEndExcluding": "1.1.0.78", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*", "matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B373C515-681A-4D80-9BFD-5E2DFD6F2DF0", "versionEndExcluding": "1.0.0.76", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*", "matchCriteriaId": "D18D2CCD-424F-41D5-919B-E22B9FA68D36", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EC58A4B-E061-49ED-BB2D-E0497846DBEE", "versionEndExcluding": "1.0.0.48", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DDA7ABF-4C4B-4945-993A-F93BD8FCB55E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9D1B97-7FF8-45D9-BFD6-72554BBB6008", "versionEndExcluding": "1.0.0.48", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CEB5C49-53CF-44AE-9A7D-E7E6201BFE62", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365."}, {"lang": "es", "value": "Esta vulnerabilidad permite a atacantes adyacentes a la red omitir la autenticaci\u00f3n en las instalaciones afectadas de los enrutadores NETGEAR R7450 versi\u00f3n 1.2.0.62_1.0.1. No es requerida una autenticaci\u00f3n para explotar esta vulnerabilidad. El fallo espec\u00edfico se presenta dentro del servicio mini_httpd, que escucha en el puerto TCP 80 por defecto. El problema resulta de un seguimiento inapropiado del estado en el proceso de recuperaci\u00f3n de la contrase\u00f1a. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo en el contexto root. Fue ZDI-CAN-11365"}], "id": "CVE-2020-27872", "lastModified": "2024-11-21T05:21:58.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-04T17:15:13.293", "references": [{"source": "zdi-disclosures@trendmicro.com", "tags": ["Vendor Advisory"], "url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"}, {"source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-071/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-071/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-642"}], "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}