CVE-2020-27861

high-risk

Published 2021-02-12

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.

Do I need to act?

1.0% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

ADJACENT_NETWORK / LOW complexity

Affected Products (20)

Cbk40 Firmware

Cbk43 Firmware

Cbr40 Firmware

Ex6200 Firmware

Ex7700 Firmware

Ex8000 Firmware

Rbk12 Firmware

Rbk13 Firmware

Rbk14 Firmware

Rbk15 Firmware

Rbr10 Firmware

Rbs10 Firmware

Rbk20W Firmware

Rbk23W Firmware

Rbk20 Router Firmware

Rbk20 Satellite Firmware

Rbk22 Router Firmware

Rbk22 Satellite Firmware

Rbk23 Router Firmware

Rbk23 Satellite Firmware

Affected Vendors

Netgear

References (4)

Vendor Advisory https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-I...

Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-20-1430/

Vendor Advisory https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-I...

Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-20-1430/

/ 100

high-risk

Severity 27/34 · High

Exploitability 3/34 · Minimal

Exposure 24/34 · High