Strix
26.1K

CVE-2020-27867

MEDIUMCVSS 6.8/10EPSS 2.34%

Last modified

CVE-2020-27867 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. EPSS estimates a 2.34% chance of exploitation in the next 30 days.

Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. When parsing the funjsq_access_token parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11653.

Metrics

CVSS 3.1
6.8/10

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
2.34%

81.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
NetgearAc2100 Firmware< 1.2.0.76
NetgearAc2400 Firmware< 1.2.0.76
NetgearAc2600 Firmware< 1.2.0.76
NetgearR6700 Firmware< 1.2.0.76
NetgearR6800 Firmware< 1.2.0.76
NetgearR6900 Firmware< 1.2.0.76
NetgearR7200 Firmware< 1.2.0.76
NetgearR7350 Firmware< 1.2.0.76
NetgearR7400 Firmware< 1.2.0.76
NetgearR7450 Firmware< 1.2.0.76
NetgearR6220 Firmware< 1.1.0.104
NetgearR6230 Firmware< 1.1.0.104
NetgearR6260 Firmware< 1.1.0.78
NetgearR6330 Firmware< 1.1.0.78
NetgearR6350 Firmware< 1.1.0.78
NetgearR6850 Firmware< 1.1.0.78
NetgearR6120 Firmware< 1.0.0.76
NetgearR6020 Firmware< 1.0.0.48
NetgearR6080 Firmware< 1.0.0.48

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-27867?
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. When parsing the funjsq_access_token parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11653.
How severe is CVE-2020-27867?
CVE-2020-27867 has a CVSS score of 6.8/10 (MEDIUM severity). The EPSS model estimates a 2.34% probability of exploitation in the next 30 days.
How do I fix CVE-2020-27867?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-27867?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST