CVE-2020-27861

CWE-78 — OS Command Injection3 documents3 sources

Severity

8.8HIGH

EPSS

1.0%

top 22.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Cbk40 Firmware Netgear Cbk43 Firmware Netgear Cbr40 Firmware +37 more

Timeline

PublishedFeb 12

Latest updateMay 24

Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages40 packages

▶CVEListV5netgear/orbi2.5.1.16

▶NVDnetgear/cbk40_firmware< 2.6.1.38

▶NVDnetgear/cbk43_firmware< 2.6.1.38

▶NVDnetgear/cbr40_firmware< 2.6.1.38

▶NVDnetgear/rbk12_firmware< 2.6.1.44

🔴Vulnerability Details

GHSA

GHSA-jwqc-9f7p-v456: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2↗2022-05-24

▶

CVEList

CVE-2020-27861: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2↗2021-02-11

▶