|
2021-02-12
|
CVE-2020-27861
|
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.
|
Cbk40_firmware, Cbk43_firmware, Cbr40_firmware, Ex6200_firmware, Ex7700_firmware, Ex8000_firmware, Rbk12_firmware, Rbk13_firmware, Rbk14_firmware, Rbk15_firmware, Rbk20_router_firmware, Rbk20_satellite_firmware, Rbk20w_firmware, Rbk22_router_firmware, Rbk22_satellite_firmware, Rbk23_router_firmware, Rbk23_satellite_firmware, Rbk23w_firmware, Rbk30_firmware, Rbk33_firmware, Rbk40_router_firmware, Rbk40_satellite_firmware, Rbk43_router_firmware, Rbk43_satellite_firmware, Rbk43s_router_firmware, Rbk43s_satellite_firmware, Rbk44_router_firmware, Rbk44_satellite_firmware, Rbk50_firmware, Rbk50v_firmware, Rbk52w_firmware, Rbr10_firmware, Rbr20_firmware, Rbr40_firmware, Rbr50_firmware, Rbs10_firmware, Rbs20_firmware, Rbs40_firmware, Rbs50_firmware
|
8.8
|
|
|