Vulnerabilites related to netgear - rbk33
cve-2020-27861
Vulnerability from cvelistv5
Published
2021-02-11 23:35
Modified
2024-08-04 16:25
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:25:43.503Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1430/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Orbi", vendor: "NETGEAR", versions: [ { status: "affected", version: "2.5.1.16", }, ], }, ], credits: [ { lang: "en", value: "Shaunak Mirani", }, ], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-12T13:50:22", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1430/", }, { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "zdi-disclosures@trendmicro.com", ID: "CVE-2020-27861", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Orbi", version: { version_data: [ { version_value: "2.5.1.16", }, ], }, }, ], }, vendor_name: "NETGEAR", }, ], }, }, credit: "Shaunak Mirani", data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.", }, ], }, impact: { cvss: { vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, ], }, ], }, references: { reference_data: [ { name: "https://www.zerodayinitiative.com/advisories/ZDI-20-1430/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1430/", }, { name: "https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems", refsource: "MISC", url: "https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2020-27861", datePublished: "2021-02-11T23:35:36", dateReserved: "2020-10-27T00:00:00", dateUpdated: "2024-08-04T16:25:43.503Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2021-02-12 00:15
Modified
2024-11-21 05:21
Severity ?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:cbk40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6DA0F1EB-D7F3-466B-BE3F-0600C4120870", versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:cbk40:-:*:*:*:*:*:*:*", matchCriteriaId: "E526746E-1ED6-492E-B28C-A1CA8235D9FD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:cbk43_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1A41A8FB-9891-4553-BD1E-BB11D904D774", versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:cbk43:-:*:*:*:*:*:*:*", matchCriteriaId: "582259CB-2616-4A3F-A9B6-C44640C00B11", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6C9B6DD4-11E1-496F-909F-0A50203A8D01", versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*", matchCriteriaId: "AE0F7E9E-196C-4106-B1C9-C16FA5910A0F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CFB377D0-AF61-4A9F-B9B5-71F68B13E081", versionEndExcluding: "1.0.1.82", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*", matchCriteriaId: "B4F62287-CB55-4FB1-AA39-62018654BA39", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6566C37A-252E-4301-952E-5C6F19F42326", versionEndExcluding: "1.0.0.210", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", matchCriteriaId: "0D140E3B-9AE5-473A-82DE-9B9DBAE4C34A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "456DA66C-6B99-4D0D-8F32-952905F9C752", versionEndExcluding: "1.0.1.224", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", matchCriteriaId: "8D9781C9-799A-4BDA-A027-987627A01633", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9EC30751-F447-45A7-8C57-B73042869EA5", versionEndExcluding: "2.6.1.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", matchCriteriaId: "D5465A78-4826-4F72-9CBE-528CBF286A79", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2E7758BF-0AE4-46DB-A014-734F68AEEAA0", versionEndExcluding: "2.6.1.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*", matchCriteriaId: "783EEEE0-BB9A-4C54-82B2-046B1033091C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B7CD38DB-B4A3-460E-8F89-E85A0E0F5BD3", versionEndExcluding: "2.6.1.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*", matchCriteriaId: "4CD91050-5FE0-4810-8E6F-EF9B9B2F02E9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E25990D-C38A-44E7-A301-AB9E80A9D5CA", versionEndExcluding: "2.6.1.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*", matchCriteriaId: "B801EC38-5B86-49F2-AB81-63F0F07A9BBE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8246B8D3-8455-43B1-B0FA-F677B8FF84F5", versionEndExcluding: "2.6.1.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", matchCriteriaId: "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "28DA498C-B466-422E-BAD2-A1F9A15B157F", versionEndExcluding: "2.6.1.44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", matchCriteriaId: "32BAB5C0-F645-4A90-833F-6345335FA1AF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk20w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "78B13562-D83E-4FDB-9EFF-CA9178487F6D", versionEndExcluding: "2.6.1.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk20w:-:*:*:*:*:*:*:*", matchCriteriaId: "DCD3D5A1-AD84-448C-9749-6E6050BC7BD5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk23w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2AF75EFB-3A9E-49C8-AC78-62E85A565BA5", versionEndExcluding: "2.6.1.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk23w:-:*:*:*:*:*:*:*", matchCriteriaId: "A1922BDC-5675-40D6-ACB1-DA37CE29E983", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk20_router_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4CC4CE9F-0BE6-411B-88DA-B556BF176A03", versionEndExcluding: "2.6.1.36", vulnerable: true, }, { criteria: "cpe:2.3:o:netgear:rbk20_satellite_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D00E9E02-41D7-449E-990E-B6D77E257C66", versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", matchCriteriaId: "E6C9F31C-3E12-4787-9C9B-14883D9D152A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk22_router_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DBEC1C34-0D1B-4F04-972B-631C5D4C949B", versionEndExcluding: "2.6.1.36", vulnerable: true, }, { criteria: "cpe:2.3:o:netgear:rbk22_satellite_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "441F02E6-28B8-4370-AFE0-CC0AC7BAE468", versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk22:-:*:*:*:*:*:*:*", matchCriteriaId: "2E1BA765-5318-4A96-885D-3078148A74E4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk23_router_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C5679C75-E6C0-42A3-8F0C-AB01E521C654", versionEndExcluding: "2.6.1.36", vulnerable: true, }, { criteria: "cpe:2.3:o:netgear:rbk23_satellite_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1F03405C-03F0-4519-AB67-DF130B2F6A58", versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*", matchCriteriaId: "17D7D346-6F52-4473-A4EA-6059C177BF0F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C80BEFF8-7094-4F21-B9E7-EE5C8B9DF3B3", versionEndExcluding: "2.6.1.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", matchCriteriaId: "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "04F03BE5-1440-4BC4-B902-97E702ED0ADF", versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", matchCriteriaId: "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk30_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C67589C-60B0-4E0C-8A96-B14ACCDA3530", versionEndExcluding: "2.6.1.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk30:-:*:*:*:*:*:*:*", matchCriteriaId: "FC72B028-AB28-43FC-9675-60CC8BAC0D03", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk33_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "728792F6-E1F9-4091-A3B7-E14E38046887", versionEndExcluding: "2.6.1.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk33:-:*:*:*:*:*:*:*", matchCriteriaId: "69EEAF94-1853-49A7-979E-A72393C9D2BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk40_router_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D0E7860-D090-4292-8695-6ADC62DBBF45", versionEndExcluding: "2.6.1.36", vulnerable: true, }, { criteria: "cpe:2.3:o:netgear:rbk40_satellite_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "126A1A8E-6D4F-487C-A6C0-D3EB2227373F", versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", matchCriteriaId: "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk43_router_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FA824C34-9C10-4267-8756-CAB2D6C059E1", versionEndExcluding: "2.6.1.36", vulnerable: true, }, { criteria: "cpe:2.3:o:netgear:rbk43_satellite_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6AE23B04-F203-43A4-AEFB-7B97C27AE8D9", versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*", matchCriteriaId: "EC2B9C48-9FE6-462B-88EE-046F15E66430", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk43s_router_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90F559B5-D5B4-4A64-8739-9A085A648A3E", versionEndExcluding: "2.6.1.36", vulnerable: true, }, { criteria: "cpe:2.3:o:netgear:rbk43s_satellite_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1BEB1817-8191-407B-97B2-3D93BCCB4184", versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*", matchCriteriaId: "A5604E66-E9CC-4B78-AF6A-2341B30E3594", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk44_router_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "71232620-E9DE-4227-B531-685BB33BF3AC", versionEndExcluding: "2.6.1.36", vulnerable: true, }, { criteria: "cpe:2.3:o:netgear:rbk44_satellite_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "08102CF5-1CB9-4839-84F9-54233F4B1F09", versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*", matchCriteriaId: "1924FC8B-4031-4EA3-B214-AF6F77D94654", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1E21623E-9977-486F-93B1-858FC407E9D1", versionEndExcluding: "2.6.1.36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", matchCriteriaId: "A9E20E59-2B1E-4E43-A494-2C20FD716D4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A32769CF-7D0A-4A3F-AF20-6202CA0C6870", versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", matchCriteriaId: "6FDCDE39-0355-43B9-BF57-F3718DA2988D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A0E3BFCB-BFF8-4722-BE48-5FA93CACD3AD", versionEndExcluding: "2.6.1.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA66D07-D017-49D6-8E72-5C48E940DE1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk50v_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5540756-07E2-463E-8B45-87A1FEEE0B1D", versionEndExcluding: "2.6.1.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk50v:-:*:*:*:*:*:*:*", matchCriteriaId: "54453B5D-4E51-4DAB-8670-5A99C0D4CE3E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbk52w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "426AA184-3B9E-42AF-85E2-F034D7E9B845", versionEndExcluding: "2.6.1.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbk52w:-:*:*:*:*:*:*:*", matchCriteriaId: "B6FABBC7-5C16-4630-8185-AADF3A9D6E69", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "39D6318D-F5A2-4469-B508-075F2825F0FA", versionEndExcluding: "2.6.1.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1F44708A-C946-4E0F-9D6C-A91AFB4C9EF3", versionEndExcluding: "2.6.1.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.", }, { lang: "es", value: "Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar código arbitrario en las instalaciones afectadas de los enrutadores NETGEAR Orbi versión 2.5.1.16. No es requerida una autenticación para explotar esta vulnerabilidad. El fallo específico se presenta dentro de la utilidad UA_Parser. Una opción de nombre de host diseñada en una petición DHCP puede desencadenar la ejecución de una llamada de sistema compuesta a partir de una cadena suministrada por el usuario. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto de root. Era ZDI-CAN-11076", }, ], id: "CVE-2020-27861", lastModified: "2024-11-21T05:21:57.107", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 8.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-02-12T00:15:12.500", references: [ { source: "zdi-disclosures@trendmicro.com", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems", }, { source: "zdi-disclosures@trendmicro.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1430/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1430/", }, ], sourceIdentifier: "zdi-disclosures@trendmicro.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
var-202102-0332
Vulnerability from variot
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076. NETGEAR Orbi Has OS A command injection vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-11076 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0332", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "rbk22 router", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.36", }, { model: "rbr20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.36", }, { model: "rbr50", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.40", }, { model: "rbk20 router", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.36", }, { model: "rbk50v", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.40", }, { model: "rbk44 router", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.36", }, { model: "rbk23 satellite", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.38", }, { model: "rbk40 router", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.36", }, { model: "rbs20", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.38", }, { model: "rbk20w", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.36", }, { model: "rbk43s satellite", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.38", }, { model: "rbk43 router", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.36", }, { model: "cbk40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.38", }, { model: "rbk14", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.44", }, { model: "cbr40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.38", }, { model: "rbk44 satellite", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.38", }, { model: "rbs10", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.44", }, { model: "rbk20 satellite", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.38", }, { model: "cbk43", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.38", }, { model: "rbs40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.38", }, { model: "rbk43s router", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.36", }, { model: "rbk22 satellite", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.38", }, { model: "ex8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.224", }, { model: "ex6200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.82", }, { model: "rbk23 router", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.36", }, { model: "rbk43 satellite", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.38", }, { model: "rbk33", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.36", }, { model: "rbk40 satellite", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.38", }, { model: "rbk52w", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.40", }, { model: "ex7700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.210", }, { model: "rbk30", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.36", }, { model: "rbs50", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.40", }, { model: "rbk23w", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.36", }, { model: "rbr10", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.44", }, { model: "rbk15", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.44", }, { model: "rbr40", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.36", }, { model: "rbk50", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.40", }, { model: "rbk13", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.44", }, { model: "rbk12", scope: "lt", trust: 1, vendor: "netgear", version: "2.6.1.44", }, { model: "cbk43", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbk12", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "cbr40", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex7700", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex6200", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ex8000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "cbk40", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbk15", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbk13", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rbk14", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "orbi", scope: null, trust: 0.7, vendor: "netgear", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-20-1430", }, { db: "JVNDB", id: "JVNDB-2020-015997", }, { db: "NVD", id: "CVE-2020-27861", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:cbk40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:cbk40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:cbk43_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:cbk43:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.82", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.0.210", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1.224", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.44", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.44", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.44", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.44", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.44", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.44", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk20w_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.36", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk20w:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk23w_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.36", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk23w:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk20_router_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.36", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:netgear:rbk20_satellite_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk22_router_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.36", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:netgear:rbk22_satellite_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk22:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk23_router_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.36", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:netgear:rbk23_satellite_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.36", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk30_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.36", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk30:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk33_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.36", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk33:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk40_router_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.36", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:netgear:rbk40_satellite_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk43_router_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.36", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:netgear:rbk43_satellite_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk43s_router_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.36", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:netgear:rbk43s_satellite_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk44_router_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.36", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:netgear:rbk44_satellite_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.36", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.38", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.40", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk50v_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.40", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk50v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbk52w_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.40", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbk52w:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.40", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.6.1.40", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-27861", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Shaunak Mirani", sources: [ { db: "ZDI", id: "ZDI-20-1430", }, ], trust: 0.7, }, cve: "CVE-2020-27861", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 8.3, confidentialityImpact: "COMPLETE", exploitabilityScore: 6.5, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 8.3, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2020-27861", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "zdi-disclosures@trendmicro.com", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2020-27861", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "ZDI", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2020-27861", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "NONE", vectorString: "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-27861", trust: 1.8, value: "HIGH", }, { author: "zdi-disclosures@trendmicro.com", id: "CVE-2020-27861", trust: 1, value: "HIGH", }, { author: "ZDI", id: "CVE-2020-27861", trust: 0.7, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202102-1082", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2020-27861", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-20-1430", }, { db: "VULMON", id: "CVE-2020-27861", }, { db: "JVNDB", id: "JVNDB-2020-015997", }, { db: "NVD", id: "CVE-2020-27861", }, { db: "NVD", id: "CVE-2020-27861", }, { db: "CNNVD", id: "CNNVD-202102-1082", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076. NETGEAR Orbi Has OS A command injection vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-11076 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2020-27861", }, { db: "JVNDB", id: "JVNDB-2020-015997", }, { db: "ZDI", id: "ZDI-20-1430", }, { db: "VULMON", id: "CVE-2020-27861", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-27861", trust: 3.2, }, { db: "ZDI", id: "ZDI-20-1430", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2020-015997", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-11076", trust: 0.7, }, { db: "CNNVD", id: "CNNVD-202102-1082", trust: 0.6, }, { db: "VULMON", id: "CVE-2020-27861", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-20-1430", }, { db: "VULMON", id: "CVE-2020-27861", }, { db: "JVNDB", id: "JVNDB-2020-015997", }, { db: "NVD", id: "CVE-2020-27861", }, { db: "CNNVD", id: "CNNVD-202102-1082", }, ], }, id: "VAR-202102-0332", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.29699992500000005, }, last_update_date: "2023-12-18T13:17:59.292000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Unauthenticated Command Injection Vulnerability on Some Extenders and Orbi WiFi Systems, PSV-2020-0301", trust: 0.8, url: "https://kb.netgear.com/000062507/security-advisory-for-unauthenticated-command-injection-vulnerability-on-some-extenders-and-orbi-wifi-systems-psv-2020-0301", }, { title: "NETGEAR has issued an update to correct this vulnerability.", trust: 0.7, url: "https://kb.netgear.com/000062507/security-advisory-for-unauthenticated-command-injection-vulnerability-on-some-extenders-and-orbi-wifi-systems", }, { title: "Netgear NETGEAR Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=142366", }, { title: "", trust: 0.1, url: "https://github.com/f1tao/awesome-iot-security-resource ", }, ], sources: [ { db: "ZDI", id: "ZDI-20-1430", }, { db: "VULMON", id: "CVE-2020-27861", }, { db: "JVNDB", id: "JVNDB-2020-015997", }, { db: "CNNVD", id: "CNNVD-202102-1082", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "OS Command injection (CWE-78) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-015997", }, { db: "NVD", id: "CVE-2020-27861", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://www.zerodayinitiative.com/advisories/zdi-20-1430/", }, { trust: 2.4, url: "https://kb.netgear.com/000062507/security-advisory-for-unauthenticated-command-injection-vulnerability-on-some-extenders-and-orbi-wifi-systems", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2020-27861", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/78.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://github.com/f1tao/awesome-iot-security-resource", }, ], sources: [ { db: "ZDI", id: "ZDI-20-1430", }, { db: "VULMON", id: "CVE-2020-27861", }, { db: "JVNDB", id: "JVNDB-2020-015997", }, { db: "NVD", id: "CVE-2020-27861", }, { db: "CNNVD", id: "CNNVD-202102-1082", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-20-1430", }, { db: "VULMON", id: "CVE-2020-27861", }, { db: "JVNDB", id: "JVNDB-2020-015997", }, { db: "NVD", id: "CVE-2020-27861", }, { db: "CNNVD", id: "CNNVD-202102-1082", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-12-15T00:00:00", db: "ZDI", id: "ZDI-20-1430", }, { date: "2021-02-12T00:00:00", db: "VULMON", id: "CVE-2020-27861", }, { date: "2021-10-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-015997", }, { date: "2021-02-12T00:15:12.500000", db: "NVD", id: "CVE-2020-27861", }, { date: "2021-02-11T00:00:00", db: "CNNVD", id: "CNNVD-202102-1082", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-12-15T00:00:00", db: "ZDI", id: "ZDI-20-1430", }, { date: "2021-03-23T00:00:00", db: "VULMON", id: "CVE-2020-27861", }, { date: "2021-10-29T09:04:00", db: "JVNDB", id: "JVNDB-2020-015997", }, { date: "2021-03-23T18:54:23.193000", db: "NVD", id: "CVE-2020-27861", }, { date: "2021-03-19T00:00:00", db: "CNNVD", id: "CNNVD-202102-1082", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202102-1082", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "NETGEAR Orbi In OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2020-015997", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-202102-1082", }, ], trust: 0.6, }, }