CVE-2020-27861

Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.

Related CPE's

onetgearcbk40_firmware********

hnetgearcbk40-*******

onetgearcbk43_firmware********

hnetgearcbk43-*******

onetgearcbr40_firmware********

hnetgearcbr40-*******

onetgearex6200_firmware********

hnetgearex6200v2*******

onetgearex7700_firmware********

hnetgearex7700-*******

References

https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-20-1430/

Third Party AdvisoryVDB Entry

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

ADJACENT_NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

NONE

BaseScore

8.8

VectorString

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

COMPLETE

AvailabilityImpact

COMPLETE

IntegrityImpact

COMPLETE

BaseScore

8.300000190734863

VectorString

AV:A/AC:L/Au:N/C:C/I:C/A:C

Version

2.0

AccessVector

ADJACENT_NETWORK

Authentication

NONE

Created by Yello
About Severity.io