First published: Fri Feb 12 2021(Updated: )
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root.
Credit: zdi-disclosures@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
NETGEAR Orbi | ||
Netgear Cbk40 Firmware | <2.6.1.38 | |
Netgear Cbk40 | ||
NETGEAR Orbi | <2.6.1.38 | |
Netgear Cbk43 | ||
Netgear Cbr40 Firmware | <2.6.1.38 | |
Netgear Cbr40 | ||
Netgear Ex6200 Firmware | <1.0.1.82 | |
Netgear EX6200 | =v2 | |
Netgear Ex7700 Firmware | <1.0.0.210 | |
NETGEAR EX7700 | ||
NETGEAR R7800 | <1.0.1.224 | |
Netgear Ex8000 | ||
Netgear Rbk12 Firmware | <2.6.1.44 | |
Netgear Rbk12 | ||
Netgear Rbk13 Firmware | <2.6.1.44 | |
Netgear Rbk13 | ||
NETGEAR R7800 | <2.6.1.44 | |
NETGEAR R7800 | ||
NETGEAR R7800 | <2.6.1.44 | |
Netgear Rbk15 | ||
Netgear Rbr10 Firmware | <2.6.1.44 | |
Netgear Rbr10 | ||
Netgear Rbs10 Firmware | <2.6.1.44 | |
Netgear Rbs10 | ||
NETGEAR Orbi | <2.6.1.36 | |
NETGEAR Orbi | ||
Netgear Rbk23w Firmware | <2.6.1.36 | |
NETGEAR Orbi | ||
NETGEAR Orbi | <2.6.1.36 | |
NETGEAR Orbi | <2.6.1.38 | |
Netgear Rbk20 | ||
Netgear Rbk22 Router Firmware | <2.6.1.36 | |
Netgear Rbk22 Satellite Firmware | <2.6.1.38 | |
Netgear Rbk22 | ||
Netgear Rbk23 Router Firmware | <2.6.1.36 | |
NETGEAR Orbi | <2.6.1.38 | |
Netgear Rbk23 | ||
Netgear Rbr20 Firmware | <2.6.1.36 | |
Netgear Rbr20 | ||
Netgear Rbs20 Firmware | <2.6.1.38 | |
Netgear Rbs20 | ||
NETGEAR Orbi | <2.6.1.36 | |
NETGEAR Orbi | ||
Netgear Rbk33 Firmware | <2.6.1.36 | |
NETGEAR Orbi | ||
NETGEAR Orbi | <2.6.1.36 | |
NETGEAR Orbi | <2.6.1.38 | |
Netgear Rbk40 | ||
NETGEAR Orbi | <2.6.1.36 | |
NETGEAR Orbi | <2.6.1.38 | |
NETGEAR R7800 | ||
NETGEAR Orbi | <2.6.1.36 | |
NETGEAR Orbi | <2.6.1.38 | |
NETGEAR R7800 | ||
Netgear Rbk44 Router Firmware | <2.6.1.36 | |
NETGEAR Orbi | <2.6.1.38 | |
NETGEAR R7800 | ||
Netgear Rbr40 Firmware | <2.6.1.36 | |
Netgear Rbr40 | ||
Netgear Rbs40 Firmware | <2.6.1.38 | |
Netgear Rbs40 | ||
Netgear Rbk50 Firmware | <2.6.1.40 | |
Netgear Rbk50 | ||
Netgear Rbk50v Firmware | <2.6.1.40 | |
Netgear Rbk50v | ||
NETGEAR Orbi | <2.6.1.40 | |
NETGEAR Orbi | ||
Netgear Rbr50 Firmware | <2.6.1.40 | |
Netgear Rbr50 | ||
Netgear Rbs50 Firmware | <2.6.1.40 | |
Netgear Rbs50 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.