CVE-2020-27861: NETGEAR Orbi UA_Parser Host Name Command Injection Remote Code Execution Vulnerability
First published: Fri Feb 12 2021(Updated: )
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root.
Credit: zdi-disclosures@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NETGEAR Orbi | ||
| Netgear Cbk40 Firmware | <2.6.1.38 | |
| Netgear Cbk40 | ||
| NETGEAR Orbi | <2.6.1.38 | |
| Netgear Cbk43 | ||
| Netgear Cbr40 Firmware | <2.6.1.38 | |
| Netgear Cbr40 | ||
| Netgear Ex6200 Firmware | <1.0.1.82 | |
| Netgear EX6200 | =v2 | |
| Netgear Ex7700 Firmware | <1.0.0.210 | |
| NETGEAR EX7700 | ||
| NETGEAR R7800 | <1.0.1.224 | |
| Netgear Ex8000 | ||
| Netgear Rbk12 Firmware | <2.6.1.44 | |
| Netgear Rbk12 | ||
| Netgear Rbk13 Firmware | <2.6.1.44 | |
| Netgear Rbk13 | ||
| NETGEAR R7800 | <2.6.1.44 | |
| NETGEAR R7800 | ||
| NETGEAR R7800 | <2.6.1.44 | |
| Netgear Rbk15 | ||
| Netgear Rbr10 Firmware | <2.6.1.44 | |
| Netgear Rbr10 | ||
| Netgear Rbs10 Firmware | <2.6.1.44 | |
| Netgear Rbs10 | ||
| NETGEAR Orbi | <2.6.1.36 | |
| NETGEAR Orbi | ||
| Netgear Rbk23w Firmware | <2.6.1.36 | |
| NETGEAR Orbi | ||
| NETGEAR Orbi | <2.6.1.36 | |
| NETGEAR Orbi | <2.6.1.38 | |
| Netgear Rbk20 | ||
| Netgear Rbk22 Router Firmware | <2.6.1.36 | |
| Netgear Rbk22 Satellite Firmware | <2.6.1.38 | |
| Netgear Rbk22 | ||
| Netgear Rbk23 Router Firmware | <2.6.1.36 | |
| NETGEAR Orbi | <2.6.1.38 | |
| Netgear Rbk23 | ||
| Netgear Rbr20 Firmware | <2.6.1.36 | |
| Netgear Rbr20 | ||
| Netgear Rbs20 Firmware | <2.6.1.38 | |
| Netgear Rbs20 | ||
| NETGEAR Orbi | <2.6.1.36 | |
| NETGEAR Orbi | ||
| Netgear Rbk33 Firmware | <2.6.1.36 | |
| NETGEAR Orbi | ||
| NETGEAR Orbi | <2.6.1.36 | |
| NETGEAR Orbi | <2.6.1.38 | |
| Netgear Rbk40 | ||
| NETGEAR Orbi | <2.6.1.36 | |
| NETGEAR Orbi | <2.6.1.38 | |
| NETGEAR R7800 | ||
| NETGEAR Orbi | <2.6.1.36 | |
| NETGEAR Orbi | <2.6.1.38 | |
| NETGEAR R7800 | ||
| Netgear Rbk44 Router Firmware | <2.6.1.36 | |
| NETGEAR Orbi | <2.6.1.38 | |
| NETGEAR R7800 | ||
| Netgear Rbr40 Firmware | <2.6.1.36 | |
| Netgear Rbr40 | ||
| Netgear Rbs40 Firmware | <2.6.1.38 | |
| Netgear Rbs40 | ||
| Netgear Rbk50 Firmware | <2.6.1.40 | |
| Netgear Rbk50 | ||
| Netgear Rbk50v Firmware | <2.6.1.40 | |
| Netgear Rbk50v | ||
| NETGEAR Orbi | <2.6.1.40 | |
| NETGEAR Orbi | ||
| Netgear Rbr50 Firmware | <2.6.1.40 | |
| Netgear Rbr50 | ||
| Netgear Rbs50 Firmware | <2.6.1.40 | |
| Netgear Rbs50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/zdi-advisory
- alias/ZDI-20-1430
- alias/ZDI-CAN-11076
- alias/CVE-2020-27861
- collector/nvd-index
- vendor/netgear
- canonical/netgear orbi
- canonical/netgear cbk40 firmware
- canonical/netgear cbk40
- canonical/netgear cbk43
- canonical/netgear cbr40 firmware
- canonical/netgear cbr40
- canonical/netgear ex6200 firmware
- canonical/netgear ex6200
- version/netgear ex6200/v2
- canonical/netgear ex7700 firmware
- canonical/netgear ex7700
- canonical/netgear r7800
- canonical/netgear ex8000
- canonical/netgear rbk12 firmware
- canonical/netgear rbk12
- canonical/netgear rbk13 firmware
- canonical/netgear rbk13
- canonical/netgear rbk15
- canonical/netgear rbr10 firmware
- canonical/netgear rbr10
- canonical/netgear rbs10 firmware
- canonical/netgear rbs10
- canonical/netgear rbk23w firmware
- canonical/netgear rbk20
- canonical/netgear rbk22 router firmware
- canonical/netgear rbk22 satellite firmware
- canonical/netgear rbk22
- canonical/netgear rbk23 router firmware
- canonical/netgear rbk23
- canonical/netgear rbr20 firmware
- canonical/netgear rbr20
- canonical/netgear rbs20 firmware
- canonical/netgear rbs20
- canonical/netgear rbk33 firmware
- canonical/netgear rbk40
- canonical/netgear rbk44 router firmware
- canonical/netgear rbr40 firmware
- canonical/netgear rbr40
- canonical/netgear rbs40 firmware
- canonical/netgear rbs40
- canonical/netgear rbk50 firmware
- canonical/netgear rbk50
- canonical/netgear rbk50v firmware
- canonical/netgear rbk50v
- canonical/netgear rbr50 firmware
- canonical/netgear rbr50
- canonical/netgear rbs50 firmware
- canonical/netgear rbs50