Details of VAR-202102-0343

ID

VAR-202102-0343

CVE

CVE-2020-27872

TITLE

NETGEAR R7450 Vulnerability in leaking resources to incorrect area in router

Trust: 0.8

sources: JVNDB: JVNDB-2020-015834

DESCRIPTION

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365. NETGEAR R7450 A router contains a vulnerability related to the leakage of resources to the wrong area. Zero Day Initiative To this vulnerability ZDI-CAN-11365 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR R7450 is a router from Netgear. A hardware device that connects two or more networks and acts as a gateway between the networks

Trust: 2.88

sources: NVD: CVE-2020-27872 // JVNDB: JVNDB-2020-015834 // ZDI: ZDI-21-071 // CNVD: CNVD-2022-06704 // VULMON: CVE-2020-27872

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-06704

AFFECTED PRODUCTS

vendor:	netgear	model:	r6260	scope:	lt	version:	1.1.0.78	Trust: 1.6
vendor:	netgear	model:	r7450	scope:	lt	version:	1.2.0.76	Trust: 1.6
vendor:	netgear	model:	ac2100	scope:	lt	version:	1.2.0.76	Trust: 1.6
vendor:	netgear	model:	ac2400	scope:	lt	version:	1.2.0.76	Trust: 1.6
vendor:	netgear	model:	r6020	scope:	lt	version:	1.0.0.48	Trust: 1.6
vendor:	netgear	model:	r6080	scope:	lt	version:	1.0.0.48	Trust: 1.6
vendor:	netgear	model:	r6800	scope:	lt	version:	1.2.0.76	Trust: 1.6
vendor:	netgear	model:	r6850	scope:	lt	version:	1.1.0.78	Trust: 1.6
vendor:	netgear	model:	r7200	scope:	lt	version:	1.2.0.76	Trust: 1.6
vendor:	netgear	model:	r7350	scope:	lt	version:	1.2.0.76	Trust: 1.6
vendor:	netgear	model:	r7400	scope:	lt	version:	1.2.0.76	Trust: 1.6
vendor:	netgear	model:	ac2600	scope:	lt	version:	1.2.0.76	Trust: 1.6
vendor:	netgear	model:	r6350	scope:	lt	version:	1.1.0.78	Trust: 1.6
vendor:	netgear	model:	r6330	scope:	lt	version:	1.1.0.78	Trust: 1.6
vendor:	netgear	model:	r6700	scope:	lt	version:	1.2.0.76	Trust: 1.6
vendor:	netgear	model:	r6900	scope:	lt	version:	1.2.0.76	Trust: 1.6
vendor:	netgear	model:	r6220	scope:	lt	version:	1.1.0.104	Trust: 1.6
vendor:	netgear	model:	r6230	scope:	lt	version:	1.1.0.104	Trust: 1.6
vendor:	netgear	model:	r6120	scope:	lt	version:	1.0.0.76	Trust: 1.0
vendor:	ネットギア	model:	ac2100	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7400	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7200	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6900	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ac2400	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ac2600	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7450	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7350	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6700	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	r7450	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-21-071 // CNVD: CNVD-2022-06704 // JVNDB: JVNDB-2020-015834 // NVD: CVE-2020-27872

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-27872
value:	HIGH
Trust: 1.0
zdi-disclosures@trendmicro.com:	CVE-2020-27872
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-27872
value:	HIGH
Trust: 0.8
ZDI:	CVE-2020-27872
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2022-06704
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202102-385
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-27872
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-27872
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-06704
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

zdi-disclosures@trendmicro.com:	CVE-2020-27872
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2020-27872
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ZDI:	CVE-2020-27872
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-21-071 // CNVD: CNVD-2022-06704 // VULMON: CVE-2020-27872 // JVNDB: JVNDB-2020-015834 // CNNVD: CNNVD-202102-385 // NVD: CVE-2020-27872 // NVD: CVE-2020-27872

PROBLEMTYPE DATA

problemtype:	CWE-642	Trust: 1.0
problemtype:	CWE-668	Trust: 1.0
problemtype:	Leakage of resources to the wrong area (CWE-668) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-015834 // NVD: CVE-2020-27872

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202102-385

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-385

PATCH

title:	Security Advisory for Password Recovery Vulnerabilities on Some Routers	url:	https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers	Trust: 1.5
title:	Patch for NETGEAR R7450 Authentication Bypass Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/316191	Trust: 0.6
title:	NETGEAR R7450 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140609	Trust: 0.6

sources: ZDI: ZDI-21-071 // CNVD: CNVD-2022-06704 // JVNDB: JVNDB-2020-015834 // CNNVD: CNNVD-202102-385

EXTERNAL IDS

db:	NVD	id:	CVE-2020-27872	Trust: 3.8
db:	ZDI	id:	ZDI-21-071	Trust: 3.2
db:	JVNDB	id:	JVNDB-2020-015834	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-11365	Trust: 0.7
db:	CNVD	id:	CNVD-2022-06704	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-385	Trust: 0.6
db:	VULMON	id:	CVE-2020-27872	Trust: 0.1

sources: ZDI: ZDI-21-071 // CNVD: CNVD-2022-06704 // VULMON: CVE-2020-27872 // JVNDB: JVNDB-2020-015834 // CNNVD: CNNVD-202102-385 // NVD: CVE-2020-27872

REFERENCES

url:	https://kb.netgear.com/000062641/security-advisory-for-password-recovery-vulnerabilities-on-some-routers	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27872	Trust: 2.0
url:	https://www.zerodayinitiative.com/advisories/zdi-21-071/	Trust: 1.8
url:	https://www.zerodayinitiative.com/advisories/zdi-21-071//	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/668.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: ZDI: ZDI-21-071 // CNVD: CNVD-2022-06704 // VULMON: CVE-2020-27872 // JVNDB: JVNDB-2020-015834 // CNNVD: CNNVD-202102-385 // NVD: CVE-2020-27872

CREDITS

1sd3d of Viettel Cyber Security

Trust: 0.7

sources: ZDI: ZDI-21-071

SOURCES

db:	ZDI	id:	ZDI-21-071
db:	CNVD	id:	CNVD-2022-06704
db:	VULMON	id:	CVE-2020-27872
db:	JVNDB	id:	JVNDB-2020-015834
db:	CNNVD	id:	CNNVD-202102-385
db:	NVD	id:	CVE-2020-27872

LAST UPDATE DATE

2024-11-23T22:37:05.259000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-21-071	date:	2021-01-18T00:00:00
db:	CNVD	id:	CNVD-2022-06704	date:	2022-01-25T00:00:00
db:	VULMON	id:	CVE-2020-27872	date:	2021-02-08T00:00:00
db:	JVNDB	id:	JVNDB-2020-015834	date:	2021-10-19T07:03:00
db:	CNNVD	id:	CNNVD-202102-385	date:	2021-02-09T00:00:00
db:	NVD	id:	CVE-2020-27872	date:	2024-11-21T05:21:58.533

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-21-071	date:	2021-01-18T00:00:00
db:	CNVD	id:	CNVD-2022-06704	date:	2022-01-25T00:00:00
db:	VULMON	id:	CVE-2020-27872	date:	2021-02-04T00:00:00
db:	JVNDB	id:	JVNDB-2020-015834	date:	2021-10-19T00:00:00
db:	CNNVD	id:	CNNVD-202102-385	date:	2021-02-04T00:00:00
db:	NVD	id:	CVE-2020-27872	date:	2021-02-04T17:15:13.293