CVE-2020-27861

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:cbk40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:cbk40:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netgear:cbk43_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:cbk43:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:netgear:rbk20w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk20w:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:netgear:rbk23w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk23w:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
OR cpe:2.3:o:netgear:rbk20_router_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbk20_satellite_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
OR cpe:2.3:o:netgear:rbk22_router_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbk22_satellite_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk22:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
OR cpe:2.3:o:netgear:rbk23_router_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbk23_satellite_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:netgear:rbk30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk30:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:netgear:rbk33_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk33:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
OR cpe:2.3:o:netgear:rbk40_router_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbk40_satellite_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
OR cpe:2.3:o:netgear:rbk43_router_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbk43_satellite_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
OR cpe:2.3:o:netgear:rbk43s_router_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbk43s_satellite_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
OR cpe:2.3:o:netgear:rbk44_router_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbk44_satellite_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:netgear:rbk50v_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk50v:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:netgear:rbk52w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk52w:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:21

Type Values Removed Values Added
References () https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems - Vendor Advisory () https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems - Vendor Advisory
References () https://www.zerodayinitiative.com/advisories/ZDI-20-1430/ - Third Party Advisory, VDB Entry () https://www.zerodayinitiative.com/advisories/ZDI-20-1430/ - Third Party Advisory, VDB Entry

Information

Published : 2021-02-12 00:15

Updated : 2024-11-21 05:21


NVD link : CVE-2020-27861

Mitre link : CVE-2020-27861

CVE.ORG link : CVE-2020-27861


JSON object : View

Products Affected

netgear

  • rbk20w
  • cbk40_firmware
  • rbk14_firmware
  • ex7700
  • rbk15_firmware
  • rbk23_satellite_firmware
  • rbk44
  • rbr50
  • rbk13
  • ex6200_firmware
  • rbk14
  • rbs40_firmware
  • cbk43
  • rbk12_firmware
  • cbr40
  • rbk30_firmware
  • rbk40_satellite_firmware
  • rbk20_router_firmware
  • rbk20_satellite_firmware
  • rbs20
  • rbk43
  • rbk52w
  • rbk52w_firmware
  • rbk50v_firmware
  • rbk43s
  • rbk15
  • rbk13_firmware
  • rbk43s_router_firmware
  • rbr40_firmware
  • rbr20
  • rbk50_firmware
  • rbk33_firmware
  • ex7700_firmware
  • rbs10
  • rbk33
  • rbs40
  • rbk44_router_firmware
  • ex8000
  • rbr10_firmware
  • rbk20w_firmware
  • rbk23w_firmware
  • rbr50_firmware
  • rbk40_router_firmware
  • rbk43_router_firmware
  • rbk50
  • rbk23w
  • rbk23
  • rbs20_firmware
  • cbk40
  • rbs50_firmware
  • rbr40
  • rbk12
  • rbk22
  • rbk30
  • rbk44_satellite_firmware
  • rbs50
  • rbk22_router_firmware
  • rbk23_router_firmware
  • rbk20
  • ex6200
  • rbr20_firmware
  • rbk43s_satellite_firmware
  • rbr10
  • rbk50v
  • ex8000_firmware
  • rbk22_satellite_firmware
  • rbs10_firmware
  • rbk40
  • cbk43_firmware
  • rbk43_satellite_firmware
  • cbr40_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')