ID

VAR-202102-0338


CVE

CVE-2020-27867


TITLE

plural  NETGEAR  Command injection vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-015991

DESCRIPTION

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. When parsing the funjsq_access_token parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11653. plural NETGEAR The product contains a command injection vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-11653 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 2.34

sources: NVD: CVE-2020-27867 // JVNDB: JVNDB-2020-015991 // ZDI: ZDI-20-1423 // VULMON: CVE-2020-27867

AFFECTED PRODUCTS

vendor:netgearmodel:r6230scope:ltversion:1.1.0.104

Trust: 1.0

vendor:netgearmodel:r6020scope:ltversion:1.0.0.48

Trust: 1.0

vendor:netgearmodel:r7450scope:ltversion:1.2.0.76

Trust: 1.0

vendor:netgearmodel:r6850scope:ltversion:1.1.0.78

Trust: 1.0

vendor:netgearmodel:ac2600scope:ltversion:1.2.0.76

Trust: 1.0

vendor:netgearmodel:ac2400scope:ltversion:1.2.0.76

Trust: 1.0

vendor:netgearmodel:r7200scope:ltversion:1.2.0.76

Trust: 1.0

vendor:netgearmodel:ac2100scope:ltversion:1.2.0.76

Trust: 1.0

vendor:netgearmodel:r6080scope:ltversion:1.0.0.48

Trust: 1.0

vendor:netgearmodel:r6330scope:ltversion:1.1.0.78

Trust: 1.0

vendor:netgearmodel:r6700scope:ltversion:1.2.0.76

Trust: 1.0

vendor:netgearmodel:r7400scope:ltversion:1.2.0.76

Trust: 1.0

vendor:netgearmodel:r6900scope:ltversion:1.2.0.76

Trust: 1.0

vendor:netgearmodel:r6220scope:ltversion:1.1.0.104

Trust: 1.0

vendor:netgearmodel:r6800scope:ltversion:1.2.0.76

Trust: 1.0

vendor:netgearmodel:r6120scope:ltversion:1.0.0.76

Trust: 1.0

vendor:netgearmodel:r6350scope:ltversion:1.1.0.78

Trust: 1.0

vendor:netgearmodel:r6260scope:ltversion:1.1.0.78

Trust: 1.0

vendor:netgearmodel:r7350scope:ltversion:1.2.0.76

Trust: 1.0

vendor:ネットギアmodel:ac2600scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r7400scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r7350scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r7200scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:ac2100scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r6800scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r7450scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r6700scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:ac2400scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r6900scope: - version: -

Trust: 0.8

vendor:netgearmodel:multiple routersscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-20-1423 // JVNDB: JVNDB-2020-015991 // NVD: CVE-2020-27867

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-27867
value: MEDIUM

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2020-27867
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-27867
value: MEDIUM

Trust: 0.8

ZDI: CVE-2020-27867
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-202102-1091
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-27867
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-27867
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

zdi-disclosures@trendmicro.com: CVE-2020-27867
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2020-27867
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2020-27867
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-1423 // VULMON: CVE-2020-27867 // JVNDB: JVNDB-2020-015991 // CNNVD: CNNVD-202102-1091 // NVD: CVE-2020-27867 // NVD: CVE-2020-27867

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-015991 // NVD: CVE-2020-27867

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202102-1091

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202102-1091

PATCH

title:Security Advisory for Password Recovery Vulnerabilities on Some Routersurl:https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers

Trust: 1.5

title:Repair measures for command injection vulnerabilities in multiple productsurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142371

Trust: 0.6

sources: ZDI: ZDI-20-1423 // JVNDB: JVNDB-2020-015991 // CNNVD: CNNVD-202102-1091

EXTERNAL IDS

db:NVDid:CVE-2020-27867

Trust: 3.2

db:ZDIid:ZDI-20-1423

Trust: 3.2

db:JVNDBid:JVNDB-2020-015991

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-11653

Trust: 0.7

db:CNNVDid:CNNVD-202102-1091

Trust: 0.6

db:VULMONid:CVE-2020-27867

Trust: 0.1

sources: ZDI: ZDI-20-1423 // VULMON: CVE-2020-27867 // JVNDB: JVNDB-2020-015991 // CNNVD: CNNVD-202102-1091 // NVD: CVE-2020-27867

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-20-1423/

Trust: 2.5

url:https://kb.netgear.com/000062641/security-advisory-for-password-recovery-vulnerabilities-on-some-routers

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-27867

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-20-1423 // VULMON: CVE-2020-27867 // JVNDB: JVNDB-2020-015991 // CNNVD: CNNVD-202102-1091 // NVD: CVE-2020-27867

CREDITS

1sd3d

Trust: 0.7

sources: ZDI: ZDI-20-1423

SOURCES

db:ZDIid:ZDI-20-1423
db:VULMONid:CVE-2020-27867
db:JVNDBid:JVNDB-2020-015991
db:CNNVDid:CNNVD-202102-1091
db:NVDid:CVE-2020-27867

LAST UPDATE DATE

2024-11-23T22:47:49.772000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-20-1423date:2020-12-21T00:00:00
db:VULMONid:CVE-2020-27867date:2021-03-26T00:00:00
db:JVNDBid:JVNDB-2020-015991date:2021-10-29T09:02:00
db:CNNVDid:CNNVD-202102-1091date:2021-08-16T00:00:00
db:NVDid:CVE-2020-27867date:2024-11-21T05:21:57.877

SOURCES RELEASE DATE

db:ZDIid:ZDI-20-1423date:2020-12-21T00:00:00
db:VULMONid:CVE-2020-27867date:2021-02-12T00:00:00
db:JVNDBid:JVNDB-2020-015991date:2021-10-29T00:00:00
db:CNNVDid:CNNVD-202102-1091date:2021-02-11T00:00:00
db:NVDid:CVE-2020-27867date:2021-02-12T00:15:12.970