Vulnerability Details CVE-2020-27866
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.855
EPSS Ranking 99.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 8.3
References
- https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers
- https://www.zerodayinitiative.com/advisories/ZDI-20-1451/
- https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers
- https://www.zerodayinitiative.com/advisories/ZDI-20-1451/
Products affected by CVE-2020-27866
-
cpe:2.3:h:netgear:ac2100:-
-
cpe:2.3:h:netgear:ac2400:-
-
cpe:2.3:h:netgear:ac2600:-
-
cpe:2.3:h:netgear:r6020:-
-
cpe:2.3:h:netgear:r6080:-
-
cpe:2.3:h:netgear:r6120:-
-
cpe:2.3:h:netgear:r6220:-
-
cpe:2.3:h:netgear:r6230:-
-
cpe:2.3:h:netgear:r6260:-
-
cpe:2.3:h:netgear:r6330:-
-
cpe:2.3:h:netgear:r6350:-
-
cpe:2.3:h:netgear:r6700:v2
-
cpe:2.3:h:netgear:r6800:-
-
cpe:2.3:h:netgear:r6850:-
-
cpe:2.3:h:netgear:r6900:v2
-
cpe:2.3:h:netgear:r7200:-
-
cpe:2.3:h:netgear:r7350:-
-
cpe:2.3:h:netgear:r7400:-
-
cpe:2.3:h:netgear:r7450:-
-
cpe:2.3:o:netgear:ac2100_firmware:-
-
cpe:2.3:o:netgear:ac2100_firmware:1.2.0.36
-
cpe:2.3:o:netgear:ac2100_firmware:1.2.0.62
-
cpe:2.3:o:netgear:ac2100_firmware:1.2.0.72
-
cpe:2.3:o:netgear:ac2100_firmware:1.2.0.74
-
cpe:2.3:o:netgear:ac2400_firmware:-
-
cpe:2.3:o:netgear:ac2400_firmware:1.1.0.84
-
cpe:2.3:o:netgear:ac2400_firmware:1.2.0.36
-
cpe:2.3:o:netgear:ac2400_firmware:1.2.0.62
-
cpe:2.3:o:netgear:ac2400_firmware:1.2.0.72
-
cpe:2.3:o:netgear:ac2400_firmware:1.2.0.74
-
cpe:2.3:o:netgear:ac2600_firmware:-
-
cpe:2.3:o:netgear:ac2600_firmware:1.2.0.36
-
cpe:2.3:o:netgear:ac2600_firmware:1.2.0.62
-
cpe:2.3:o:netgear:ac2600_firmware:1.2.0.72
-
cpe:2.3:o:netgear:ac2600_firmware:1.2.0.74
-
cpe:2.3:o:netgear:r6020_firmware:1.0.0.26
-
cpe:2.3:o:netgear:r6020_firmware:1.0.0.30
-
cpe:2.3:o:netgear:r6020_firmware:1.0.0.34
-
cpe:2.3:o:netgear:r6020_firmware:1.0.0.38
-
cpe:2.3:o:netgear:r6020_firmware:1.0.0.40
-
cpe:2.3:o:netgear:r6020_firmware:1.0.0.42
-
cpe:2.3:o:netgear:r6020_firmware:1.0.0.44
-
cpe:2.3:o:netgear:r6020_firmware:1.0.0.46
-
cpe:2.3:o:netgear:r6080_firmware:1.0.0.26
-
cpe:2.3:o:netgear:r6080_firmware:1.0.0.30
-
cpe:2.3:o:netgear:r6080_firmware:1.0.0.34
-
cpe:2.3:o:netgear:r6080_firmware:1.0.0.38
-
cpe:2.3:o:netgear:r6080_firmware:1.0.0.40
-
cpe:2.3:o:netgear:r6080_firmware:1.0.0.42
-
cpe:2.3:o:netgear:r6080_firmware:1.0.0.44
-
cpe:2.3:o:netgear:r6080_firmware:1.0.0.46
-
cpe:2.3:o:netgear:r6120_firmware:-
-
cpe:2.3:o:netgear:r6120_firmware:1.0.0.30
-
cpe:2.3:o:netgear:r6120_firmware:1.0.0.36
-
cpe:2.3:o:netgear:r6120_firmware:1.0.0.40
-
cpe:2.3:o:netgear:r6120_firmware:1.0.0.42
-
cpe:2.3:o:netgear:r6120_firmware:1.0.0.44
-
cpe:2.3:o:netgear:r6120_firmware:1.0.0.46
-
cpe:2.3:o:netgear:r6120_firmware:1.0.0.48
-
cpe:2.3:o:netgear:r6120_firmware:1.0.0.66
-
cpe:2.3:o:netgear:r6120_firmware:1.0.0.70
-
cpe:2.3:o:netgear:r6120_firmware:1.0.0.72
-
cpe:2.3:o:netgear:r6220_firmware:-
-
cpe:2.3:o:netgear:r6220_firmware:1.1.0.100
-
cpe:2.3:o:netgear:r6220_firmware:1.1.0.46
-
cpe:2.3:o:netgear:r6220_firmware:1.1.0.50
-
cpe:2.3:o:netgear:r6220_firmware:1.1.0.60
-
cpe:2.3:o:netgear:r6220_firmware:1.1.0.64
-
cpe:2.3:o:netgear:r6220_firmware:1.1.0.66
-
cpe:2.3:o:netgear:r6220_firmware:1.1.0.68
-
cpe:2.3:o:netgear:r6220_firmware:1.1.0.80
-
cpe:2.3:o:netgear:r6220_firmware:1.1.0.86
-
cpe:2.3:o:netgear:r6230_firmware:-
-
cpe:2.3:o:netgear:r6230_firmware:1.1.0.100
-
cpe:2.3:o:netgear:r6230_firmware:1.1.0.80
-
cpe:2.3:o:netgear:r6230_firmware:1.1.0.86
-
cpe:2.3:o:netgear:r6260_firmware:-
-
cpe:2.3:o:netgear:r6260_firmware:1.1.0.40
-
cpe:2.3:o:netgear:r6260_firmware:1.1.0.64
-
cpe:2.3:o:netgear:r6260_firmware:1.1.0.66
-
cpe:2.3:o:netgear:r6260_firmware:1.1.0.76
-
cpe:2.3:o:netgear:r6330_firmware:1.1.0.76
-
cpe:2.3:o:netgear:r6350_firmware:-
-
cpe:2.3:o:netgear:r6350_firmware:1.1.0.40
-
cpe:2.3:o:netgear:r6350_firmware:1.1.0.76
-
cpe:2.3:o:netgear:r6700_firmware:-
-
cpe:2.3:o:netgear:r6700_firmware:1.0.0.26
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.14
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.16
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.20
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.22
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.26
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.30
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.36
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.44
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.46
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.48
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.16
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.26
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.32
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.52
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.6
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.62
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.66
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.8
-
cpe:2.3:o:netgear:r6700_firmware:1.0.4.120
-
cpe:2.3:o:netgear:r6700_firmware:1.0.4.122
-
cpe:2.3:o:netgear:r6700_firmware:1.0.4.126
-
cpe:2.3:o:netgear:r6700_firmware:1.0.4.128
-
cpe:2.3:o:netgear:r6700_firmware:1.0.4.84
-
cpe:2.3:o:netgear:r6700_firmware:1.0.4.84_10.0.58
-
cpe:2.3:o:netgear:r6700_firmware:1.0.4.98
-
cpe:2.3:o:netgear:r6700_firmware:1.1.0.38
-
cpe:2.3:o:netgear:r6700_firmware:1.1.0.42
-
cpe:2.3:o:netgear:r6700_firmware:1.1.1.20
-
cpe:2.3:o:netgear:r6700_firmware:1.2.0.12
-
cpe:2.3:o:netgear:r6700_firmware:1.2.0.14
-
cpe:2.3:o:netgear:r6700_firmware:1.2.0.16
-
cpe:2.3:o:netgear:r6700_firmware:1.2.0.2
-
cpe:2.3:o:netgear:r6700_firmware:1.2.0.24
-
cpe:2.3:o:netgear:r6700_firmware:1.2.0.36
-
cpe:2.3:o:netgear:r6700_firmware:1.2.0.4
-
cpe:2.3:o:netgear:r6700_firmware:1.2.0.62
-
cpe:2.3:o:netgear:r6800_firmware:-
-
cpe:2.3:o:netgear:r6800_firmware:1.0.1.10
-
cpe:2.3:o:netgear:r6800_firmware:1.1.0.38
-
cpe:2.3:o:netgear:r6800_firmware:1.1.0.42
-
cpe:2.3:o:netgear:r6800_firmware:1.2.0.12
-
cpe:2.3:o:netgear:r6800_firmware:1.2.0.14
-
cpe:2.3:o:netgear:r6800_firmware:1.2.0.16
-
cpe:2.3:o:netgear:r6800_firmware:1.2.0.2
-
cpe:2.3:o:netgear:r6800_firmware:1.2.0.24
-
cpe:2.3:o:netgear:r6800_firmware:1.2.0.36
-
cpe:2.3:o:netgear:r6800_firmware:1.2.0.4
-
cpe:2.3:o:netgear:r6800_firmware:1.2.0.62
-
cpe:2.3:o:netgear:r6800_firmware:1.2.0.72
-
cpe:2.3:o:netgear:r6800_firmware:1.2.0.74
-
cpe:2.3:o:netgear:r6850_firmware:-
-
cpe:2.3:o:netgear:r6850_firmware:1.0.0.48
-
cpe:2.3:o:netgear:r6850_firmware:1.0.0.76
-
cpe:2.3:o:netgear:r6850_firmware:1.1.0.40
-
cpe:2.3:o:netgear:r6850_firmware:1.1.0.76
-
cpe:2.3:o:netgear:r6900_firmware:-
-
cpe:2.3:o:netgear:r6900_firmware:1.0.1.14
-
cpe:2.3:o:netgear:r6900_firmware:1.0.1.16
-
cpe:2.3:o:netgear:r6900_firmware:1.0.1.20
-
cpe:2.3:o:netgear:r6900_firmware:1.0.1.22
-
cpe:2.3:o:netgear:r6900_firmware:1.0.1.26
-
cpe:2.3:o:netgear:r6900_firmware:1.0.1.28
-
cpe:2.3:o:netgear:r6900_firmware:1.0.1.30
-
cpe:2.3:o:netgear:r6900_firmware:1.0.1.34
-
cpe:2.3:o:netgear:r6900_firmware:1.0.1.44
-
cpe:2.3:o:netgear:r6900_firmware:1.0.1.46
-
cpe:2.3:o:netgear:r6900_firmware:1.0.1.48
-
cpe:2.3:o:netgear:r6900_firmware:1.0.2.16
-
cpe:2.3:o:netgear:r6900_firmware:1.0.2.26
-
cpe:2.3:o:netgear:r6900_firmware:1.0.2.4
-
cpe:2.3:o:netgear:r6900_firmware:1.0.2.8
-
cpe:2.3:o:netgear:r6900_firmware:1.1.0.42
-
cpe:2.3:o:netgear:r6900_firmware:1.2.0.12
-
cpe:2.3:o:netgear:r6900_firmware:1.2.0.14
-
cpe:2.3:o:netgear:r6900_firmware:1.2.0.16
-
cpe:2.3:o:netgear:r6900_firmware:1.2.0.2
-
cpe:2.3:o:netgear:r6900_firmware:1.2.0.24
-
cpe:2.3:o:netgear:r6900_firmware:1.2.0.36
-
cpe:2.3:o:netgear:r6900_firmware:1.2.0.4
-
cpe:2.3:o:netgear:r6900_firmware:1.2.0.62
-
cpe:2.3:o:netgear:r7200_firmware:-
-
cpe:2.3:o:netgear:r7200_firmware:1.2.0.48
-
cpe:2.3:o:netgear:r7200_firmware:1.2.0.72
-
cpe:2.3:o:netgear:r7350_firmware:-
-
cpe:2.3:o:netgear:r7350_firmware:1.2.0.48
-
cpe:2.3:o:netgear:r7350_firmware:1.2.0.72
-
cpe:2.3:o:netgear:r7400_firmware:-
-
cpe:2.3:o:netgear:r7400_firmware:1.2.0.48
-
cpe:2.3:o:netgear:r7400_firmware:1.2.0.72
-
cpe:2.3:o:netgear:r7450_firmware:-
-
cpe:2.3:o:netgear:r7450_firmware:1.2.0.36
-
cpe:2.3:o:netgear:r7450_firmware:1.2.0.50
-
cpe:2.3:o:netgear:r7450_firmware:1.2.0.62
-
cpe:2.3:o:netgear:r7450_firmware:1.2.0.72
-
cpe:2.3:o:netgear:r7450_firmware:1.2.0.74