netgear cbk40_firmware os命令中使用的特殊元素转义处理不恰当(os命令注入)
CVE编号
CVE-2020-27861利用情况
暂无补丁情况
N/A披露时间
2021-02-12漏洞描述
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Comman... | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-1430/ |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 系统 | netgear | cbk40_firmware | * | Up to (excluding) 2.6.1.38 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | cbk43_firmware | * | Up to (excluding) 2.6.1.38 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | cbr40_firmware | * | Up to (excluding) 2.6.1.38 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | ex6200_firmware | * | Up to (excluding) 1.0.1.82 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | ex7700_firmware | * | Up to (excluding) 1.0.0.210 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | ex8000_firmware | * | Up to (excluding) 1.0.1.224 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk12_firmware | * | Up to (excluding) 2.6.1.44 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk13_firmware | * | Up to (excluding) 2.6.1.44 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk14_firmware | * | Up to (excluding) 2.6.1.44 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk15_firmware | * | Up to (excluding) 2.6.1.44 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk20w_firmware | * | Up to (excluding) 2.6.1.36 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk20_router_firmware | * | Up to (excluding) 2.6.1.36 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk20_satellite_firmware | * | Up to (excluding) 2.6.1.38 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk22_router_firmware | * | Up to (excluding) 2.6.1.36 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk22_satellite_firmware | * | Up to (excluding) 2.6.1.38 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk23w_firmware | * | Up to (excluding) 2.6.1.36 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk23_router_firmware | * | Up to (excluding) 2.6.1.36 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk23_satellite_firmware | * | Up to (excluding) 2.6.1.38 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk30_firmware | * | Up to (excluding) 2.6.1.36 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk33_firmware | * | Up to (excluding) 2.6.1.36 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk40_router_firmware | * | Up to (excluding) 2.6.1.36 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk40_satellite_firmware | * | Up to (excluding) 2.6.1.38 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk43s_router_firmware | * | Up to (excluding) 2.6.1.36 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk43s_satellite_firmware | * | Up to (excluding) 2.6.1.38 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk43_router_firmware | * | Up to (excluding) 2.6.1.36 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk43_satellite_firmware | * | Up to (excluding) 2.6.1.38 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk44_router_firmware | * | Up to (excluding) 2.6.1.36 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk44_satellite_firmware | * | Up to (excluding) 2.6.1.38 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk50v_firmware | * | Up to (excluding) 2.6.1.40 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk50_firmware | * | Up to (excluding) 2.6.1.40 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbk52w_firmware | * | Up to (excluding) 2.6.1.40 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbr10_firmware | * | Up to (excluding) 2.6.1.44 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbr20_firmware | * | Up to (excluding) 2.6.1.36 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbr40_firmware | * | Up to (excluding) 2.6.1.36 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbr50_firmware | * | Up to (excluding) 2.6.1.40 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbs10_firmware | * | Up to (excluding) 2.6.1.44 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbs20_firmware | * | Up to (excluding) 2.6.1.38 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbs40_firmware | * | Up to (excluding) 2.6.1.38 | |||||
| 运行在以下环境 | |||||||||
| 系统 | netgear | rbs50_firmware | * | Up to (excluding) 2.6.1.40 | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | cbk40 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | cbk43 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | cbr40 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | ex6200 | v2 | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | ex7700 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | ex8000 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbk12 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbk13 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbk14 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbk15 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbk20 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbk20w | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbk22 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbk23 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbk23w | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbk30 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbk33 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbk40 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbk43 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbk43s | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbk44 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbk50 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbk50v | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbk52w | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbr10 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbr20 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbr40 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbr50 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbs10 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbs20 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbs40 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | netgear | rbs50 | - | - | |||||
- 攻击路径 相邻
- 攻击复杂度 低
- 权限要求 无
- 影响范围 未更改
- 用户交互 无
- 可用性 高
- 保密性 高
- 完整性 高
| CWE-ID | 漏洞类型 |
| CWE-78 | OS命令中使用的特殊元素转义处理不恰当(OS命令注入) |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论