CVE-2020-27861: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is…

high8.8CVSS 3.1

AVAACLPRNUINSUCHIHAH

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.

Affected

40 ranges· showing 25

Vendor	Product	Version range	Fixed in
netgear	cbk40_firmware	< 2.6.1.38	2.6.1.38
netgear	cbk43_firmware	< 2.6.1.38	2.6.1.38
netgear	cbr40_firmware	< 2.6.1.38	2.6.1.38
netgear	ex6200_firmware	< 1.0.1.82	1.0.1.82
netgear	ex7700_firmware	< 1.0.0.210	1.0.0.210
netgear	ex8000_firmware	< 1.0.1.224	1.0.1.224
netgear	orbi	—	—
netgear	rbk12_firmware	< 2.6.1.44	2.6.1.44
netgear	rbk13_firmware	< 2.6.1.44	2.6.1.44
netgear	rbk14_firmware	< 2.6.1.44	2.6.1.44
netgear	rbk15_firmware	< 2.6.1.44	2.6.1.44
netgear	rbk20_router_firmware	< 2.6.1.36	2.6.1.36
netgear	rbk20_satellite_firmware	< 2.6.1.38	2.6.1.38
netgear	rbk20w_firmware	< 2.6.1.36	2.6.1.36
netgear	rbk22_router_firmware	< 2.6.1.36	2.6.1.36
netgear	rbk22_satellite_firmware	< 2.6.1.38	2.6.1.38
netgear	rbk23_router_firmware	< 2.6.1.36	2.6.1.36
netgear	rbk23_satellite_firmware	< 2.6.1.38	2.6.1.38
netgear	rbk23w_firmware	< 2.6.1.36	2.6.1.36
netgear	rbk30_firmware	< 2.6.1.36	2.6.1.36
netgear	rbk33_firmware	< 2.6.1.36	2.6.1.36
netgear	rbk40_router_firmware	< 2.6.1.36	2.6.1.36
netgear	rbk40_satellite_firmware	< 2.6.1.38	2.6.1.38
netgear	rbk43_router_firmware	< 2.6.1.36	2.6.1.36
netgear	rbk43_satellite_firmware	< 2.6.1.38	2.6.1.38