CVE-2020-27861

Published: Feb 12, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.

Affected (39)

Products: Netgear: Cbk40 Firmware, Cbk43 Firmware, Cbr40 Firmware, Ex6200 Firmware, Ex7700 Firmware, Ex8000 Firmware, Rbk12 Firmware, Rbk13 Firmware, Rbk14 Firmware, Rbk15 Firmware, Rbr10 Firmware, Rbs10 Firmware, Rbk20w Firmware, Rbk23w Firmware, Rbk20 Router Firmware, Rbk20 Satellite Firmware, Rbk22 Router Firmware, Rbk22 Satellite Firmware, Rbk23 Router Firmware, Rbk23 Satellite Firmware, Rbr20 Firmware, Rbs20 Firmware, Rbk30 Firmware, Rbk33 Firmware, Rbk40 Router Firmware, Rbk40 Satellite Firmware, Rbk43 Router Firmware, Rbk43 Satellite Firmware, Rbk43s Router Firmware, Rbk43s Satellite Firmware, Rbk44 Router Firmware, Rbk44 Satellite Firmware, Rbr40 Firmware, Rbs40 Firmware, Rbk50 Firmware, Rbk50v Firmware, Rbk52w Firmware, Rbr50 Firmware, Rbs50 Firmware

39 products

Rbk20 Router Firmware

Rbk20 Satellite Firmware

Rbk22 Router Firmware

Rbk22 Satellite Firmware

Rbk23 Router Firmware

Rbk23 Satellite Firmware

Rbk40 Router Firmware

Rbk40 Satellite Firmware

Rbk43 Router Firmware

Rbk43 Satellite Firmware

Rbk43s Router Firmware

Rbk43s Satellite Firmware

Rbk44 Router Firmware

Rbk44 Satellite Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Cbk40 Firmware	Before 2.6.1.38

Running on/with	Platform Versions
Netgear Cbk40	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Cbk43 Firmware	Before 2.6.1.38

Running on/with	Platform Versions
Netgear Cbk43	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Cbr40 Firmware	Before 2.6.1.38

Running on/with	Platform Versions
Netgear Cbr40	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6200 Firmware	Before 1.0.1.82

Running on/with	Platform Versions
Netgear Ex6200	Version v2

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex7700 Firmware	Before 1.0.0.210

Running on/with	Platform Versions
Netgear Ex7700	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex8000 Firmware	Before 1.0.1.224

Running on/with	Platform Versions
Netgear Ex8000	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbk12 Firmware	Before 2.6.1.44

Running on/with	Platform Versions
Netgear Rbk12	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbk13 Firmware	Before 2.6.1.44

Running on/with	Platform Versions
Netgear Rbk13	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbk14 Firmware	Before 2.6.1.44

Running on/with	Platform Versions
Netgear Rbk14	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbk15 Firmware	Before 2.6.1.44

Running on/with	Platform Versions
Netgear Rbk15	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbr10 Firmware	Before 2.6.1.44

Running on/with	Platform Versions
Netgear Rbr10	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbs10 Firmware	Before 2.6.1.44

Running on/with	Platform Versions
Netgear Rbs10	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbk20w Firmware	Before 2.6.1.36

Running on/with	Platform Versions
Netgear Rbk20w	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbk23w Firmware	Before 2.6.1.36

Running on/with	Platform Versions
Netgear Rbk23w	All versions

Configuration O

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbk20 Router Firmware	Before 2.6.1.36
Netgear Rbk20 Satellite Firmware	Before 2.6.1.38

Running on/with	Platform Versions
Netgear Rbk20	All versions

Configuration P

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbk22 Router Firmware	Before 2.6.1.36
Netgear Rbk22 Satellite Firmware	Before 2.6.1.38

Running on/with	Platform Versions
Netgear Rbk22	All versions

Configuration Q

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbk23 Router Firmware	Before 2.6.1.36
Netgear Rbk23 Satellite Firmware	Before 2.6.1.38

Running on/with	Platform Versions
Netgear Rbk23	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbr20 Firmware	Before 2.6.1.36

Running on/with	Platform Versions
Netgear Rbr20	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbs20 Firmware	Before 2.6.1.38

Running on/with	Platform Versions
Netgear Rbs20	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbk30 Firmware	Before 2.6.1.36

Running on/with	Platform Versions
Netgear Rbk30	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbk33 Firmware	Before 2.6.1.36

Running on/with	Platform Versions
Netgear Rbk33	All versions

Configuration V

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbk40 Router Firmware	Before 2.6.1.36
Netgear Rbk40 Satellite Firmware	Before 2.6.1.38

Running on/with	Platform Versions
Netgear Rbk40	All versions

Configuration W

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbk43 Router Firmware	Before 2.6.1.36
Netgear Rbk43 Satellite Firmware	Before 2.6.1.38

Running on/with	Platform Versions
Netgear Rbk43	All versions

Configuration X

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbk43s Router Firmware	Before 2.6.1.36
Netgear Rbk43s Satellite Firmware	Before 2.6.1.38

Running on/with	Platform Versions
Netgear Rbk43s	All versions

Configuration Y

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbk44 Router Firmware	Before 2.6.1.36
Netgear Rbk44 Satellite Firmware	Before 2.6.1.38

Running on/with	Platform Versions
Netgear Rbk44	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbr40 Firmware	Before 2.6.1.36

Running on/with	Platform Versions
Netgear Rbr40	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbs40 Firmware	Before 2.6.1.38

Running on/with	Platform Versions
Netgear Rbs40	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbk50 Firmware	Before 2.6.1.40

Running on/with	Platform Versions
Netgear Rbk50	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbk50v Firmware	Before 2.6.1.40

Running on/with	Platform Versions
Netgear Rbk50v	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbk52w Firmware	Before 2.6.1.40

Running on/with	Platform Versions
Netgear Rbk52w	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbr50 Firmware	Before 2.6.1.40

Running on/with	Platform Versions
Netgear Rbr50	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbs50 Firmware	Before 2.6.1.40

Running on/with	Platform Versions
Netgear Rbs50	All versions

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems

Source: zdi-disclosures@trendmicro.com

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-20-1430/

Source: zdi-disclosures@trendmicro.com

Third Party AdvisoryVDB Entry

https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-20-1430/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.