What is the severity of CVE-2020-27861?

CVE-2020-27861 is classified as a high severity vulnerability allowing unauthenticated remote code execution.

How do I fix CVE-2020-27861?

To fix CVE-2020-27861, update the firmware of your NETGEAR Orbi routers and extenders to the latest version provided by NETGEAR.

What devices are affected by CVE-2020-27861?

CVE-2020-27861 affects several NETGEAR Orbi models and associated firmware versions, including Orbi RBK series routers.

Can CVE-2020-27861 be exploited remotely?

Yes, CVE-2020-27861 can be exploited remotely by network-adjacent attackers without authentication.

What type of vulnerability is CVE-2020-27861?

CVE-2020-27861 is a command injection vulnerability in the UA_Parser utility within NETGEAR Orbi routers.

Vulnerability/
CVE-2020-27861

high

8.8

CWE

11/2/2021

4/8/2024

CVE-2020-27861: NETGEAR Orbi UA_Parser Host Name Command Injection Remote Code Execution Vulnerability

First published: Thu Feb 11 2021(Updated: )

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.

Credit: zdi-disclosures@trendmicro.com

Affected Software	Affected Version	How to fix
NETGEAR Orbi
NETGEAR CBK40 firmware	<2.6.1.38
Netgear CBK40
NETGEAR CBK43 Firmware	<2.6.1.38
Netgear CBK43
NETGEAR CBR40 firmware	<2.6.1.38
Netgear CBR40
NETGEAR EX6200 firmware	<1.0.1.82
NETGEAR EX6200	=v2
NETGEAR EX7700	<1.0.0.210
NETGEAR EX7700
NETGEAR EX8000	<1.0.1.224
NETGEAR EX8000
NETGEAR RBK12 firmware	<2.6.1.44
NETGEAR RBK12 firmware
NETGEAR rbk13 firmware	<2.6.1.44
NETGEAR rbk13 firmware
NETGEAR rbk14 firmware	<2.6.1.44
NETGEAR rbk14 firmware
NETGEAR RBK15 Firmware	<2.6.1.44
NETGEAR RBK15 Firmware
NETGEAR RBR10 firmware	<2.6.1.44
NETGEAR RBR10 firmware
NETGEAR RBS10	<2.6.1.44
NETGEAR RBS10 firmware
NETGEAR RBK20	<2.6.1.36
NETGEAR Nighthawk Mesh WiFi 6 System (RBK20)
NETGEAR RBK23 Firmware	<2.6.1.36
NETGEAR RBK23 Firmware
NETGEAR RBK20 Router Firmware	<2.6.1.36
NETGEAR RBK20 Satellite Firmware	<2.6.1.38
NETGEAR RBK20 firmware
NETGEAR RBK22 Router Firmware	<2.6.1.36
NETGEAR RBK22 Satellite Firmware	<2.6.1.38
NETGEAR RBK22 firmware
NETGEAR RBK23 Firmware	<2.6.1.36
NETGEAR RBK23 Satellite Firmware	<2.6.1.38
NETGEAR Orbi RBK23
NETGEAR RBR20	<2.6.1.36
NETGEAR RBR20
NETGEAR RBS20 firmware	<2.6.1.38
NETGEAR RBS20 firmware
NETGEAR RBK30 Firmware	<2.6.1.36
NETGEAR RBK30 Firmware
NETGEAR rbk33 firmware	<2.6.1.36
NETGEAR RBK33
NETGEAR rbk40 router firmware	<2.6.1.36
NETGEAR rbk40 satellite firmware	<2.6.1.38
NETGEAR RBK40 firmware
NETGEAR RBK43S Firmware	<2.6.1.36
NETGEAR RBK43S Satellite Firmware	<2.6.1.38
NETGEAR RBK43 Router Firmware
NETGEAR RBK43S	<2.6.1.36
NETGEAR RBK43S Firmware	<2.6.1.38
NETGEAR RBK43S Firmware
NETGEAR RBK44 Satellite Firmware	<2.6.1.36
NETGEAR RBK44 Satellite Firmware	<2.6.1.38
NETGEAR RBK44 Satellite Firmware
NETGEAR CBR40 firmware	<2.6.1.36
NETGEAR RBR40 firmware
NETGEAR RBS40 firmware	<2.6.1.38
NETGEAR RBS40 firmware
NETGEAR RBK50 firmware	<2.6.1.40
NETGEAR RBK50
NETGEAR RBK50V firmware	<2.6.1.40
NETGEAR RBK50V firmware
NETGEAR rbk52w firmware	<2.6.1.40
NETGEAR RBK52
NETGEAR RBR50 firmware	<2.6.1.40
NETGEAR RBR50 firmware
NETGEAR RBS50 firmware	<2.6.1.40
NETGEAR RBS50

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-27861?
CVE-2020-27861 is classified as a high severity vulnerability allowing unauthenticated remote code execution.
How do I fix CVE-2020-27861?
To fix CVE-2020-27861, update the firmware of your NETGEAR Orbi routers and extenders to the latest version provided by NETGEAR.
What devices are affected by CVE-2020-27861?
CVE-2020-27861 affects several NETGEAR Orbi models and associated firmware versions, including Orbi RBK series routers.
Can CVE-2020-27861 be exploited remotely?
Yes, CVE-2020-27861 can be exploited remotely by network-adjacent attackers without authentication.
What type of vulnerability is CVE-2020-27861?
CVE-2020-27861 is a command injection vulnerability in the UA_Parser utility within NETGEAR Orbi routers.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/title
agent/weakness
agent/author
agent/last-modified-date
agent/description
agent/first-publish-date
collector/zdi-advisory
source/ZDI
alias/ZDI-20-1430
alias/ZDI-CAN-11076
alias/CVE-2020-27861
agent/software-canonical-lookup
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/netgear
canonical/netgear orbi
canonical/netgear cbk40 firmware
canonical/netgear cbk40
canonical/netgear cbk43 firmware
canonical/netgear cbk43
canonical/netgear cbr40 firmware
canonical/netgear cbr40
canonical/netgear ex6200 firmware
canonical/netgear ex6200
version/netgear ex6200/v2
canonical/netgear ex7700
canonical/netgear ex8000
canonical/netgear rbk12 firmware
canonical/netgear rbk13 firmware
canonical/netgear rbk14 firmware
canonical/netgear rbk15 firmware
canonical/netgear rbr10 firmware
canonical/netgear rbs10
canonical/netgear rbs10 firmware
canonical/netgear rbk20
canonical/netgear nighthawk mesh wifi 6 system (rbk20)
canonical/netgear rbk23 firmware
canonical/netgear rbk20 router firmware
canonical/netgear rbk20 satellite firmware
canonical/netgear rbk20 firmware
canonical/netgear rbk22 router firmware
canonical/netgear rbk22 satellite firmware
canonical/netgear rbk22 firmware
canonical/netgear rbk23 satellite firmware
canonical/netgear orbi rbk23
canonical/netgear rbr20
canonical/netgear rbs20 firmware
canonical/netgear rbk30 firmware
canonical/netgear rbk33 firmware
canonical/netgear rbk33
canonical/netgear rbk40 router firmware
canonical/netgear rbk40 satellite firmware
canonical/netgear rbk40 firmware
canonical/netgear rbk43s firmware
canonical/netgear rbk43s satellite firmware
canonical/netgear rbk43 router firmware
canonical/netgear rbk43s
canonical/netgear rbk44 satellite firmware
canonical/netgear rbr40 firmware
canonical/netgear rbs40 firmware
canonical/netgear rbk50 firmware
canonical/netgear rbk50
canonical/netgear rbk50v firmware
canonical/netgear rbk52w firmware
canonical/netgear rbk52
canonical/netgear rbr50 firmware
canonical/netgear rbs50 firmware
canonical/netgear rbs50