Details of VAR-202102-0332

ID

VAR-202102-0332

CVE

CVE-2020-27861

TITLE

NETGEAR Orbi In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-015997

DESCRIPTION

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076. NETGEAR Orbi Has OS A command injection vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-11076 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 2.34

sources: NVD: CVE-2020-27861 // JVNDB: JVNDB-2020-015997 // ZDI: ZDI-20-1430 // VULMON: CVE-2020-27861

AFFECTED PRODUCTS

vendor:	netgear	model:	ex8000	scope:	lt	version:	1.0.1.224	Trust: 1.0
vendor:	netgear	model:	rbk20 router	scope:	lt	version:	2.6.1.36	Trust: 1.0
vendor:	netgear	model:	ex6200	scope:	lt	version:	1.0.1.82	Trust: 1.0
vendor:	netgear	model:	rbk43 satellite	scope:	lt	version:	2.6.1.38	Trust: 1.0
vendor:	netgear	model:	rbk15	scope:	lt	version:	2.6.1.44	Trust: 1.0
vendor:	netgear	model:	rbr50	scope:	lt	version:	2.6.1.40	Trust: 1.0
vendor:	netgear	model:	rbk20 satellite	scope:	lt	version:	2.6.1.38	Trust: 1.0
vendor:	netgear	model:	rbk50	scope:	lt	version:	2.6.1.40	Trust: 1.0
vendor:	netgear	model:	rbk12	scope:	lt	version:	2.6.1.44	Trust: 1.0
vendor:	netgear	model:	rbs10	scope:	lt	version:	2.6.1.44	Trust: 1.0
vendor:	netgear	model:	cbk43	scope:	lt	version:	2.6.1.38	Trust: 1.0
vendor:	netgear	model:	rbr40	scope:	lt	version:	2.6.1.36	Trust: 1.0
vendor:	netgear	model:	rbk13	scope:	lt	version:	2.6.1.44	Trust: 1.0
vendor:	netgear	model:	rbk52w	scope:	lt	version:	2.6.1.40	Trust: 1.0
vendor:	netgear	model:	rbk30	scope:	lt	version:	2.6.1.36	Trust: 1.0
vendor:	netgear	model:	cbr40	scope:	lt	version:	2.6.1.38	Trust: 1.0
vendor:	netgear	model:	rbk44 router	scope:	lt	version:	2.6.1.36	Trust: 1.0
vendor:	netgear	model:	rbk43s satellite	scope:	lt	version:	2.6.1.38	Trust: 1.0
vendor:	netgear	model:	ex7700	scope:	lt	version:	1.0.0.210	Trust: 1.0
vendor:	netgear	model:	rbk43 router	scope:	lt	version:	2.6.1.36	Trust: 1.0
vendor:	netgear	model:	rbs40	scope:	lt	version:	2.6.1.38	Trust: 1.0
vendor:	netgear	model:	rbk14	scope:	lt	version:	2.6.1.44	Trust: 1.0
vendor:	netgear	model:	rbk20w	scope:	lt	version:	2.6.1.36	Trust: 1.0
vendor:	netgear	model:	cbk40	scope:	lt	version:	2.6.1.38	Trust: 1.0
vendor:	netgear	model:	rbk22 router	scope:	lt	version:	2.6.1.36	Trust: 1.0
vendor:	netgear	model:	rbr20	scope:	lt	version:	2.6.1.36	Trust: 1.0
vendor:	netgear	model:	rbk23 satellite	scope:	lt	version:	2.6.1.38	Trust: 1.0
vendor:	netgear	model:	rbk33	scope:	lt	version:	2.6.1.36	Trust: 1.0
vendor:	netgear	model:	rbk23w	scope:	lt	version:	2.6.1.36	Trust: 1.0
vendor:	netgear	model:	rbk40 satellite	scope:	lt	version:	2.6.1.38	Trust: 1.0
vendor:	netgear	model:	rbr10	scope:	lt	version:	2.6.1.44	Trust: 1.0
vendor:	netgear	model:	rbk22 satellite	scope:	lt	version:	2.6.1.38	Trust: 1.0
vendor:	netgear	model:	rbk43s router	scope:	lt	version:	2.6.1.36	Trust: 1.0
vendor:	netgear	model:	rbk50v	scope:	lt	version:	2.6.1.40	Trust: 1.0
vendor:	netgear	model:	rbk40 router	scope:	lt	version:	2.6.1.36	Trust: 1.0
vendor:	netgear	model:	rbk23 router	scope:	lt	version:	2.6.1.36	Trust: 1.0
vendor:	netgear	model:	rbs20	scope:	lt	version:	2.6.1.38	Trust: 1.0
vendor:	netgear	model:	rbs50	scope:	lt	version:	2.6.1.40	Trust: 1.0
vendor:	netgear	model:	rbk44 satellite	scope:	lt	version:	2.6.1.38	Trust: 1.0
vendor:	ネットギア	model:	cbk43	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk12	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	cbr40	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex7700	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6200	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex8000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	cbk40	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk15	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk13	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk14	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	orbi	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-20-1430 // JVNDB: JVNDB-2020-015997 // NVD: CVE-2020-27861

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-27861
value:	HIGH
Trust: 1.0
zdi-disclosures@trendmicro.com:	CVE-2020-27861
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-27861
value:	HIGH
Trust: 0.8
ZDI:	CVE-2020-27861
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-202102-1082
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-27861
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-27861
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

zdi-disclosures@trendmicro.com:	CVE-2020-27861
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2020-27861
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ZDI:	CVE-2020-27861
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-20-1430 // VULMON: CVE-2020-27861 // JVNDB: JVNDB-2020-015997 // CNNVD: CNNVD-202102-1082 // NVD: CVE-2020-27861 // NVD: CVE-2020-27861

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-015997 // NVD: CVE-2020-27861

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202102-1082

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202102-1082

PATCH

title:	Security Advisory for Unauthenticated Command Injection Vulnerability on Some Extenders and Orbi WiFi Systems, PSV-2020-0301	url:	https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0301	Trust: 0.8
title:	NETGEAR has issued an update to correct this vulnerability.	url:	https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems	Trust: 0.7
title:	Netgear NETGEAR Fixes for operating system command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142366	Trust: 0.6
title:	-	url:	https://github.com/f1tao/awesome-iot-security-resource	Trust: 0.1

sources: ZDI: ZDI-20-1430 // VULMON: CVE-2020-27861 // JVNDB: JVNDB-2020-015997 // CNNVD: CNNVD-202102-1082

EXTERNAL IDS

db:	NVD	id:	CVE-2020-27861	Trust: 3.2
db:	ZDI	id:	ZDI-20-1430	Trust: 3.2
db:	JVNDB	id:	JVNDB-2020-015997	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-11076	Trust: 0.7
db:	CNNVD	id:	CNNVD-202102-1082	Trust: 0.6
db:	VULMON	id:	CVE-2020-27861	Trust: 0.1

sources: ZDI: ZDI-20-1430 // VULMON: CVE-2020-27861 // JVNDB: JVNDB-2020-015997 // CNNVD: CNNVD-202102-1082 // NVD: CVE-2020-27861

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-20-1430/	Trust: 2.5
url:	https://kb.netgear.com/000062507/security-advisory-for-unauthenticated-command-injection-vulnerability-on-some-extenders-and-orbi-wifi-systems	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27861	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/78.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/f1tao/awesome-iot-security-resource	Trust: 0.1

sources: ZDI: ZDI-20-1430 // VULMON: CVE-2020-27861 // JVNDB: JVNDB-2020-015997 // CNNVD: CNNVD-202102-1082 // NVD: CVE-2020-27861

CREDITS

Shaunak Mirani

Trust: 0.7

sources: ZDI: ZDI-20-1430

SOURCES

db:	ZDI	id:	ZDI-20-1430
db:	VULMON	id:	CVE-2020-27861
db:	JVNDB	id:	JVNDB-2020-015997
db:	CNNVD	id:	CNNVD-202102-1082
db:	NVD	id:	CVE-2020-27861

LAST UPDATE DATE

2024-11-23T22:29:19.265000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-1430	date:	2020-12-15T00:00:00
db:	VULMON	id:	CVE-2020-27861	date:	2021-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-015997	date:	2021-10-29T09:04:00
db:	CNNVD	id:	CNNVD-202102-1082	date:	2021-03-19T00:00:00
db:	NVD	id:	CVE-2020-27861	date:	2024-11-21T05:21:57.107

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-20-1430	date:	2020-12-15T00:00:00
db:	VULMON	id:	CVE-2020-27861	date:	2021-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-015997	date:	2021-10-29T00:00:00
db:	CNNVD	id:	CNNVD-202102-1082	date:	2021-02-11T00:00:00
db:	NVD	id:	CVE-2020-27861	date:	2021-02-12T00:15:12.500