Vulnerability Database

CVE-2020-27861

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.

  • Published: Feb 12, 2021
  • Updated: Apr 14, 2023
  • CVE: CVE-2020-27861
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 8.3
  • AV:A/AC:L/Au:N/C:C/I:C/A:C

CWEs:

OWASP TOP 10:

| Software | From | Fixed in |
|---|---|---|
| netgear / cbk40_firmware | - | 2.6.1.38 |
| netgear / cbk43_firmware | - | 2.6.1.38 |
| netgear / cbr40_firmware | - | 2.6.1.38 |
| netgear / ex6200_firmware | - | 1.0.1.82 |
| netgear / ex7700_firmware | - | 1.0.0.210 |
| netgear / ex8000_firmware | - | 1.0.1.224 |
| netgear / rbk12_firmware | - | 2.6.1.44 |
| netgear / rbk13_firmware | - | 2.6.1.44 |
| netgear / rbk14_firmware | - | 2.6.1.44 |
| netgear / rbk15_firmware | - | 2.6.1.44 |
| netgear / rbr10_firmware | - | 2.6.1.44 |
| netgear / rbs10_firmware | - | 2.6.1.44 |
| netgear / rbk20w_firmware | - | 2.6.1.36 |
| netgear / rbk23w_firmware | - | 2.6.1.36 |
| netgear / rbk20_router_firmware | - | 2.6.1.36 |
| netgear / rbk20_satellite_firmware | - | 2.6.1.38 |
| netgear / rbk22_router_firmware | - | 2.6.1.36 |
| netgear / rbk22_satellite_firmware | - | 2.6.1.38 |
| netgear / rbk23_router_firmware | - | 2.6.1.36 |
| netgear / rbk23_satellite_firmware | - | 2.6.1.38 |
| netgear / rbr20_firmware | - | 2.6.1.36 |
| netgear / rbs20_firmware | - | 2.6.1.38 |
| netgear / rbk30_firmware | - | 2.6.1.36 |
| netgear / rbk33_firmware | - | 2.6.1.36 |
| netgear / rbk40_router_firmware | - | 2.6.1.36 |
| netgear / rbk40_satellite_firmware | - | 2.6.1.38 |
| netgear / rbk43_router_firmware | - | 2.6.1.36 |
| netgear / rbk43_satellite_firmware | - | 2.6.1.38 |
| netgear / rbk43s_router_firmware | - | 2.6.1.36 |
| netgear / rbk43s_satellite_firmware | - | 2.6.1.38 |
| netgear / rbk44_router_firmware | - | 2.6.1.36 |
| netgear / rbk44_satellite_firmware | - | 2.6.1.38 |
| netgear / rbr40_firmware | - | 2.6.1.36 |
| netgear / rbs40_firmware | - | 2.6.1.38 |
| netgear / rbk50_firmware | - | 2.6.1.40 |
| netgear / rbk50v_firmware | - | 2.6.1.40 |
| netgear / rbk52w_firmware | - | 2.6.1.40 |
| netgear / rbr50_firmware | - | 2.6.1.40 |
| netgear / rbs50_firmware | - | 2.6.1.40 |