CVE-2020-27861

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.
OS Command Injection
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 8.8 HIGH | ADJACENT_NETWORK | LOW | NONE | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| zdi | CNA | 8.8 HIGH | ADJACENT_NETWORK | LOW | NONE | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE | ADP | --- | --- | | | |
Base Score: CVSS 3.x (see table above)
EPSS Score Percentile: 51%
| Vendor | Product | Version |
|---|---|---|
| netgear | cbk40_firmware | x < 2.6.1.38 |
| netgear | cbk43_firmware | x < 2.6.1.38 |
| netgear | cbr40_firmware | x < 2.6.1.38 |
| netgear | ex6200_firmware | x < 1.0.1.82 |
| netgear | ex7700_firmware | x < 1.0.0.210 |
| netgear | ex8000_firmware | x < 1.0.1.224 |
| netgear | rbk12_firmware | x < 2.6.1.44 |
| netgear | rbk13_firmware | x < 2.6.1.44 |
| netgear | rbk14_firmware | x < 2.6.1.44 |
| netgear | rbk15_firmware | x < 2.6.1.44 |
| netgear | rbr10_firmware | x < 2.6.1.44 |
| netgear | rbs10_firmware | x < 2.6.1.44 |
| netgear | rbk20w_firmware | x < 2.6.1.36 |
| netgear | rbk23w_firmware | x < 2.6.1.36 |
| netgear | rbk20_router_firmware | x < 2.6.1.36 |
| netgear | rbk20_satellite_firmware | x < 2.6.1.38 |
| netgear | rbk22_router_firmware | x < 2.6.1.36 |
| netgear | rbk22_satellite_firmware | x < 2.6.1.38 |
| netgear | rbk23_router_firmware | x < 2.6.1.36 |
| netgear | rbk23_satellite_firmware | x < 2.6.1.38 |
| netgear | rbr20_firmware | x < 2.6.1.36 |
| netgear | rbs20_firmware | x < 2.6.1.38 |
| netgear | rbk30_firmware | x < 2.6.1.36 |
| netgear | rbk33_firmware | x < 2.6.1.36 |
| netgear | rbk40_router_firmware | x < 2.6.1.36 |
| netgear | rbk40_satellite_firmware | x < 2.6.1.38 |
| netgear | rbk43_router_firmware | x < 2.6.1.36 |
| netgear | rbk43_satellite_firmware | x < 2.6.1.38 |
| netgear | rbk43s_router_firmware | x < 2.6.1.36 |
| netgear | rbk43s_satellite_firmware | x < 2.6.1.38 |
| netgear | rbk44_router_firmware | x < 2.6.1.36 |
| netgear | rbk44_satellite_firmware | x < 2.6.1.38 |
| netgear | rbr40_firmware | x < 2.6.1.36 |
| netgear | rbs40_firmware | x < 2.6.1.38 |
| netgear | rbk50_firmware | x < 2.6.1.40 |
| netgear | rbk50v_firmware | x < 2.6.1.40 |
| netgear | rbk52w_firmware | x < 2.6.1.40 |
| netgear | rbr50_firmware | x < 2.6.1.40 |
| netgear | rbs50_firmware | x < 2.6.1.40 |

x = vulnerable software versions