Vulnerability Details CVE-2020-27861
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.0%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 8.3
Products affected by CVE-2020-27861
- cpe:2.3:h:netgear:cbk40:-
- cpe:2.3:h:netgear:cbk43:-
- cpe:2.3:h:netgear:cbr40:-
- cpe:2.3:h:netgear:ex6200:v2
- cpe:2.3:h:netgear:ex7700:-
- cpe:2.3:h:netgear:ex8000:-
- cpe:2.3:h:netgear:rbk12:-
- cpe:2.3:h:netgear:rbk13:-
- cpe:2.3:h:netgear:rbk14:-
- cpe:2.3:h:netgear:rbk15:-
- cpe:2.3:h:netgear:rbk20:-
- cpe:2.3:h:netgear:rbk20w:-
- cpe:2.3:h:netgear:rbk22:-
- cpe:2.3:h:netgear:rbk23:-
- cpe:2.3:h:netgear:rbk23w:-
- cpe:2.3:h:netgear:rbk30:-
- cpe:2.3:h:netgear:rbk33:-
- cpe:2.3:h:netgear:rbk40:-
- cpe:2.3:h:netgear:rbk43:-
- cpe:2.3:h:netgear:rbk43s:-
- cpe:2.3:h:netgear:rbk44:-
- cpe:2.3:h:netgear:rbk50:-
- cpe:2.3:h:netgear:rbk50v:-
- cpe:2.3:h:netgear:rbk52w:-
- cpe:2.3:h:netgear:rbr10:-
- cpe:2.3:h:netgear:rbr20:-
- cpe:2.3:h:netgear:rbr40:-
- cpe:2.3:h:netgear:rbr50:-
- cpe:2.3:h:netgear:rbs10:-
- cpe:2.3:h:netgear:rbs20:-
- cpe:2.3:h:netgear:rbs40:-
- cpe:2.3:h:netgear:rbs50:-
- cpe:2.3:o:netgear:cbk40_firmware:2.5.0.10
- cpe:2.3:o:netgear:cbk43_firmware:*
- cpe:2.3:o:netgear:cbr40_firmware:-
- cpe:2.3:o:netgear:cbr40_firmware:2.3.5.12
- cpe:2.3:o:netgear:cbr40_firmware:2.5.0.10
- cpe:2.3:o:netgear:cbr40_firmware:2.5.0.14
- cpe:2.3:o:netgear:cbr40_firmware:2.5.0.24
- cpe:2.3:o:netgear:cbr40_firmware:2.5.0.28
- cpe:2.3:o:netgear:ex6200_firmware:1.0.1.44
- cpe:2.3:o:netgear:ex6200_firmware:1.0.1.50
- cpe:2.3:o:netgear:ex6200_firmware:1.0.1.52
- cpe:2.3:o:netgear:ex6200_firmware:1.0.1.56
- cpe:2.3:o:netgear:ex6200_firmware:1.0.1.62
- cpe:2.3:o:netgear:ex6200_firmware:1.0.1.64
- cpe:2.3:o:netgear:ex6200_firmware:1.0.1.72
- cpe:2.3:o:netgear:ex6200_firmware:1.0.1.74
- cpe:2.3:o:netgear:ex6200_firmware:1.0.1.78
- cpe:2.3:o:netgear:ex7700_firmware:-
- cpe:2.3:o:netgear:ex8000_firmware:-
- cpe:2.3:o:netgear:ex8000_firmware:1.0.0.102
- cpe:2.3:o:netgear:ex8000_firmware:1.0.0.114
- cpe:2.3:o:netgear:ex8000_firmware:1.0.0.118
- cpe:2.3:o:netgear:ex8000_firmware:1.0.1.180
- cpe:2.3:o:netgear:ex8000_firmware:1.0.1.186
- cpe:2.3:o:netgear:rbk12_firmware:-
- cpe:2.3:o:netgear:rbk13_firmware:*
- cpe:2.3:o:netgear:rbk14_firmware:*
- cpe:2.3:o:netgear:rbk15_firmware:*
- cpe:2.3:o:netgear:rbk20_router_firmware:*
- cpe:2.3:o:netgear:rbk20_satellite_firmware:*
- cpe:2.3:o:netgear:rbk20w_firmware:*
- cpe:2.3:o:netgear:rbk22_router_firmware:*
- cpe:2.3:o:netgear:rbk22_satellite_firmware:*
- cpe:2.3:o:netgear:rbk23_router_firmware:*
- cpe:2.3:o:netgear:rbk23_satellite_firmware:*
- cpe:2.3:o:netgear:rbk23w_firmware:*
- cpe:2.3:o:netgear:rbk30_firmware:*
- cpe:2.3:o:netgear:rbk33_firmware:*
- cpe:2.3:o:netgear:rbk40_router_firmware:*
- cpe:2.3:o:netgear:rbk40_satellite_firmware:*
- cpe:2.3:o:netgear:rbk43_router_firmware:*
- cpe:2.3:o:netgear:rbk43_satellite_firmware:*
- cpe:2.3:o:netgear:rbk43s_router_firmware:*
- cpe:2.3:o:netgear:rbk43s_satellite_firmware:*
- cpe:2.3:o:netgear:rbk44_router_firmware:*
- cpe:2.3:o:netgear:rbk44_satellite_firmware:*
- cpe:2.3:o:netgear:rbk50_firmware:-
- cpe:2.3:o:netgear:rbk50_firmware:2.1.4.10
- cpe:2.3:o:netgear:rbk50_firmware:2.3.0.22
- cpe:2.3:o:netgear:rbk50_firmware:2.3.0.32
- cpe:2.3:o:netgear:rbk50_firmware:2.3.5.30
- cpe:2.3:o:netgear:rbk50_firmware:2.5.1.16
- cpe:2.3:o:netgear:rbk50v_firmware:*
- cpe:2.3:o:netgear:rbk52w_firmware:*
- cpe:2.3:o:netgear:rbr10_firmware:*
- cpe:2.3:o:netgear:rbr20_firmware:-
- cpe:2.3:o:netgear:rbr20_firmware:2.3.0.22
- cpe:2.3:o:netgear:rbr20_firmware:2.3.0.28
- cpe:2.3:o:netgear:rbr20_firmware:2.3.5.26
- cpe:2.3:o:netgear:rbr20_firmware:2.5.1.16
- cpe:2.3:o:netgear:rbr40_firmware:-
- cpe:2.3:o:netgear:rbr40_firmware:2.3.0.28
- cpe:2.3:o:netgear:rbr40_firmware:2.3.5.30
- cpe:2.3:o:netgear:rbr40_firmware:2.5.1.16
- cpe:2.3:o:netgear:rbr50_firmware:-
- cpe:2.3:o:netgear:rbr50_firmware:2.3.0.22
- cpe:2.3:o:netgear:rbr50_firmware:2.3.0.32
- cpe:2.3:o:netgear:rbr50_firmware:2.3.5.30
- cpe:2.3:o:netgear:rbr50_firmware:2.5.1.16
- cpe:2.3:o:netgear:rbs10_firmware:*
- cpe:2.3:o:netgear:rbs20_firmware:-
- cpe:2.3:o:netgear:rbs20_firmware:2.3.0.22
- cpe:2.3:o:netgear:rbs20_firmware:2.3.0.28
- cpe:2.3:o:netgear:rbs20_firmware:2.3.5.26
- cpe:2.3:o:netgear:rbs20_firmware:2.5.1.16
- cpe:2.3:o:netgear:rbs40_firmware:-
- cpe:2.3:o:netgear:rbs40_firmware:2.1.4.10
- cpe:2.3:o:netgear:rbs40_firmware:2.3.0.22
- cpe:2.3:o:netgear:rbs40_firmware:2.3.0.28
- cpe:2.3:o:netgear:rbs40_firmware:2.3.5.30
- cpe:2.3:o:netgear:rbs40_firmware:2.5.1.16
- cpe:2.3:o:netgear:rbs50_firmware:-
- cpe:2.3:o:netgear:rbs50_firmware:2.1.4.10
- cpe:2.3:o:netgear:rbs50_firmware:2.3.0.22
- cpe:2.3:o:netgear:rbs50_firmware:2.3.0.32
- cpe:2.3:o:netgear:rbs50_firmware:2.3.5.30
- cpe:2.3:o:netgear:rbs50_firmware:2.5.1.16