Sign-up

ID

VAR-202102-0337


CVE

CVE-2020-27866


TITLE

plural  NETGEAR  Product authentication vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-015990

DESCRIPTION

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355. Zero Day Initiative To this vulnerability ZDI-CAN-11355 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 2.34

sources: NVD: CVE-2020-27866 // JVNDB: JVNDB-2020-015990 // ZDI: ZDI-20-1451 // VULMON: CVE-2020-27866

AFFECTED PRODUCTS

vendor:netgearmodel:r6230scope:ltversion:1.1.0.104

Trust: 1.0

vendor:netgearmodel:r6020scope:ltversion:1.0.0.48

Trust: 1.0

vendor:netgearmodel:r7450scope:ltversion:1.2.0.76

Trust: 1.0

vendor:netgearmodel:r6850scope:ltversion:1.1.0.78

Trust: 1.0

vendor:netgearmodel:ac2600scope:ltversion:1.2.0.76

Trust: 1.0

vendor:netgearmodel:ac2400scope:ltversion:1.2.0.76

Trust: 1.0

vendor:netgearmodel:r7200scope:ltversion:1.2.0.76

Trust: 1.0

vendor:netgearmodel:ac2100scope:ltversion:1.2.0.76

Trust: 1.0

vendor:netgearmodel:r6080scope:ltversion:1.0.0.48

Trust: 1.0

vendor:netgearmodel:r6330scope:ltversion:1.1.0.78

Trust: 1.0

vendor:netgearmodel:r6700scope:ltversion:1.2.0.76

Trust: 1.0

vendor:netgearmodel:r7400scope:ltversion:1.2.0.76

Trust: 1.0

vendor:netgearmodel:r6900scope:ltversion:1.2.0.76

Trust: 1.0

vendor:netgearmodel:r6220scope:ltversion:1.1.0.104

Trust: 1.0

vendor:netgearmodel:r6800scope:ltversion:1.2.0.76

Trust: 1.0

vendor:netgearmodel:r6120scope:ltversion:1.0.0.76

Trust: 1.0

vendor:netgearmodel:r6350scope:ltversion:1.1.0.78

Trust: 1.0

vendor:netgearmodel:r6260scope:ltversion:1.1.0.78

Trust: 1.0

vendor:netgearmodel:r7350scope:ltversion:1.2.0.76

Trust: 1.0

vendor:ネットギアmodel:ac2600scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r7400scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r7350scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r7200scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:ac2100scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r6800scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r7450scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r6700scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:ac2400scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r6900scope: - version: -

Trust: 0.8

vendor:netgearmodel:multiple routersscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-20-1451 // JVNDB: JVNDB-2020-015990 // NVD: CVE-2020-27866

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-27866
value: HIGH

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2020-27866
value: HIGH

Trust: 1.0

NVD: CVE-2020-27866
value: HIGH

Trust: 0.8

ZDI: CVE-2020-27866
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202102-1092
value: HIGH

Trust: 0.6

VULMON: CVE-2020-27866
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-27866
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

zdi-disclosures@trendmicro.com: CVE-2020-27866
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2020-27866
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2020-27866
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-1451 // VULMON: CVE-2020-27866 // JVNDB: JVNDB-2020-015990 // CNNVD: CNNVD-202102-1092 // NVD: CVE-2020-27866 // NVD: CVE-2020-27866

PROBLEMTYPE DATA

problemtype:CWE-288

Trust: 1.0

problemtype:CWE-287

Trust: 1.0

problemtype:Improper authentication (CWE-287) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-015990 // NVD: CVE-2020-27866

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202102-1092

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202102-1092

PATCH

title:Security Advisory for Password Recovery Vulnerabilities on Some Routersurl:https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers

Trust: 1.5

title:Repair measures for multiple product authorization issuesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142372

Trust: 0.6

sources: ZDI: ZDI-20-1451 // JVNDB: JVNDB-2020-015990 // CNNVD: CNNVD-202102-1092

EXTERNAL IDS

db:NVDid:CVE-2020-27866

Trust: 3.2

db:ZDIid:ZDI-20-1451

Trust: 3.2

db:JVNDBid:JVNDB-2020-015990

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-11355

Trust: 0.7

db:CNNVDid:CNNVD-202102-1092

Trust: 0.6

db:VULMONid:CVE-2020-27866

Trust: 0.1

sources: ZDI: ZDI-20-1451 // VULMON: CVE-2020-27866 // JVNDB: JVNDB-2020-015990 // CNNVD: CNNVD-202102-1092 // NVD: CVE-2020-27866

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-20-1451/

Trust: 2.5

url:https://kb.netgear.com/000062641/security-advisory-for-password-recovery-vulnerabilities-on-some-routers

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-27866

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/288.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-20-1451 // VULMON: CVE-2020-27866 // JVNDB: JVNDB-2020-015990 // CNNVD: CNNVD-202102-1092 // NVD: CVE-2020-27866

CREDITS

1sd3d of Viettel Cyber Security

Trust: 0.7

sources: ZDI: ZDI-20-1451

SOURCES

db:ZDIid:ZDI-20-1451
db:VULMONid:CVE-2020-27866
db:JVNDBid:JVNDB-2020-015990
db:CNNVDid:CNNVD-202102-1092
db:NVDid:CVE-2020-27866

LAST UPDATE DATE

2024-11-23T23:01:08.941000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-20-1451date:2020-12-18T00:00:00
db:VULMONid:CVE-2020-27866date:2021-03-26T00:00:00
db:JVNDBid:JVNDB-2020-015990date:2021-10-29T09:02:00
db:CNNVDid:CNNVD-202102-1092date:2021-08-16T00:00:00
db:NVDid:CVE-2020-27866date:2024-11-21T05:21:57.740

SOURCES RELEASE DATE

db:ZDIid:ZDI-20-1451date:2020-12-18T00:00:00
db:VULMONid:CVE-2020-27866date:2021-02-12T00:00:00
db:JVNDBid:JVNDB-2020-015990date:2021-10-29T00:00:00
db:CNNVDid:CNNVD-202102-1092date:2021-02-11T00:00:00
db:NVDid:CVE-2020-27866date:2021-02-12T00:15:12.877