mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
1067 lines
30 KiB
JSON
1067 lines
30 KiB
JSON
{
|
|
"id": "CVE-2020-27861",
|
|
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
|
|
"published": "2021-02-12T00:15:12.500",
|
|
"lastModified": "2021-03-23T18:54:23.193",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de los enrutadores NETGEAR Orbi versi\u00f3n 2.5.1.16. No es requerida una autenticaci\u00f3n para explotar esta vulnerabilidad. El fallo espec\u00edfico se presenta dentro de la utilidad UA_Parser. Una opci\u00f3n de nombre de host dise\u00f1ada en una petici\u00f3n DHCP puede desencadenar la ejecuci\u00f3n de una llamada de sistema compuesta a partir de una cadena suministrada por el usuario. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de root. Era ZDI-CAN-11076"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "ADJACENT_NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 8.8,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "zdi-disclosures@trendmicro.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "ADJACENT_NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 8.8,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
|
|
"accessVector": "ADJACENT_NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "COMPLETE",
|
|
"integrityImpact": "COMPLETE",
|
|
"availabilityImpact": "COMPLETE",
|
|
"baseScore": 8.3
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 6.5,
|
|
"impactScore": 10.0,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "zdi-disclosures@trendmicro.com",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-78"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-78"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:cbk40_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.38",
|
|
"matchCriteriaId": "6DA0F1EB-D7F3-466B-BE3F-0600C4120870"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:cbk40:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E526746E-1ED6-492E-B28C-A1CA8235D9FD"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:cbk43_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.38",
|
|
"matchCriteriaId": "1A41A8FB-9891-4553-BD1E-BB11D904D774"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:cbk43:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "582259CB-2616-4A3F-A9B6-C44640C00B11"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.38",
|
|
"matchCriteriaId": "6C9B6DD4-11E1-496F-909F-0A50203A8D01"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AE0F7E9E-196C-4106-B1C9-C16FA5910A0F"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "1.0.1.82",
|
|
"matchCriteriaId": "CFB377D0-AF61-4A9F-B9B5-71F68B13E081"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B4F62287-CB55-4FB1-AA39-62018654BA39"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "1.0.0.210",
|
|
"matchCriteriaId": "6566C37A-252E-4301-952E-5C6F19F42326"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0D140E3B-9AE5-473A-82DE-9B9DBAE4C34A"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "1.0.1.224",
|
|
"matchCriteriaId": "456DA66C-6B99-4D0D-8F32-952905F9C752"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8D9781C9-799A-4BDA-A027-987627A01633"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.44",
|
|
"matchCriteriaId": "9EC30751-F447-45A7-8C57-B73042869EA5"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D5465A78-4826-4F72-9CBE-528CBF286A79"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.44",
|
|
"matchCriteriaId": "2E7758BF-0AE4-46DB-A014-734F68AEEAA0"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "783EEEE0-BB9A-4C54-82B2-046B1033091C"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.44",
|
|
"matchCriteriaId": "B7CD38DB-B4A3-460E-8F89-E85A0E0F5BD3"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4CD91050-5FE0-4810-8E6F-EF9B9B2F02E9"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.44",
|
|
"matchCriteriaId": "3E25990D-C38A-44E7-A301-AB9E80A9D5CA"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B801EC38-5B86-49F2-AB81-63F0F07A9BBE"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.44",
|
|
"matchCriteriaId": "8246B8D3-8455-43B1-B0FA-F677B8FF84F5"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.44",
|
|
"matchCriteriaId": "28DA498C-B466-422E-BAD2-A1F9A15B157F"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "32BAB5C0-F645-4A90-833F-6345335FA1AF"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk20w_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.36",
|
|
"matchCriteriaId": "78B13562-D83E-4FDB-9EFF-CA9178487F6D"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbk20w:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DCD3D5A1-AD84-448C-9749-6E6050BC7BD5"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk23w_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.36",
|
|
"matchCriteriaId": "2AF75EFB-3A9E-49C8-AC78-62E85A565BA5"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbk23w:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A1922BDC-5675-40D6-ACB1-DA37CE29E983"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk20_router_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.36",
|
|
"matchCriteriaId": "4CC4CE9F-0BE6-411B-88DA-B556BF176A03"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk20_satellite_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.38",
|
|
"matchCriteriaId": "D00E9E02-41D7-449E-990E-B6D77E257C66"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E6C9F31C-3E12-4787-9C9B-14883D9D152A"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk22_router_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.36",
|
|
"matchCriteriaId": "DBEC1C34-0D1B-4F04-972B-631C5D4C949B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk22_satellite_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.38",
|
|
"matchCriteriaId": "441F02E6-28B8-4370-AFE0-CC0AC7BAE468"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbk22:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2E1BA765-5318-4A96-885D-3078148A74E4"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk23_router_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.36",
|
|
"matchCriteriaId": "C5679C75-E6C0-42A3-8F0C-AB01E521C654"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk23_satellite_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.38",
|
|
"matchCriteriaId": "1F03405C-03F0-4519-AB67-DF130B2F6A58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "17D7D346-6F52-4473-A4EA-6059C177BF0F"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.36",
|
|
"matchCriteriaId": "C80BEFF8-7094-4F21-B9E7-EE5C8B9DF3B3"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.38",
|
|
"matchCriteriaId": "04F03BE5-1440-4BC4-B902-97E702ED0ADF"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk30_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.36",
|
|
"matchCriteriaId": "9C67589C-60B0-4E0C-8A96-B14ACCDA3530"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbk30:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FC72B028-AB28-43FC-9675-60CC8BAC0D03"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk33_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.36",
|
|
"matchCriteriaId": "728792F6-E1F9-4091-A3B7-E14E38046887"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbk33:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "69EEAF94-1853-49A7-979E-A72393C9D2BE"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk40_router_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.36",
|
|
"matchCriteriaId": "6D0E7860-D090-4292-8695-6ADC62DBBF45"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk40_satellite_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.38",
|
|
"matchCriteriaId": "126A1A8E-6D4F-487C-A6C0-D3EB2227373F"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk43_router_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.36",
|
|
"matchCriteriaId": "FA824C34-9C10-4267-8756-CAB2D6C059E1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk43_satellite_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.38",
|
|
"matchCriteriaId": "6AE23B04-F203-43A4-AEFB-7B97C27AE8D9"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EC2B9C48-9FE6-462B-88EE-046F15E66430"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk43s_router_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.36",
|
|
"matchCriteriaId": "90F559B5-D5B4-4A64-8739-9A085A648A3E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk43s_satellite_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.38",
|
|
"matchCriteriaId": "1BEB1817-8191-407B-97B2-3D93BCCB4184"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A5604E66-E9CC-4B78-AF6A-2341B30E3594"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk44_router_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.36",
|
|
"matchCriteriaId": "71232620-E9DE-4227-B531-685BB33BF3AC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk44_satellite_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.38",
|
|
"matchCriteriaId": "08102CF5-1CB9-4839-84F9-54233F4B1F09"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1924FC8B-4031-4EA3-B214-AF6F77D94654"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.36",
|
|
"matchCriteriaId": "1E21623E-9977-486F-93B1-858FC407E9D1"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A9E20E59-2B1E-4E43-A494-2C20FD716D4F"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.38",
|
|
"matchCriteriaId": "A32769CF-7D0A-4A3F-AF20-6202CA0C6870"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6FDCDE39-0355-43B9-BF57-F3718DA2988D"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.40",
|
|
"matchCriteriaId": "A0E3BFCB-BFF8-4722-BE48-5FA93CACD3AD"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8BA66D07-D017-49D6-8E72-5C48E940DE1B"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk50v_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.40",
|
|
"matchCriteriaId": "D5540756-07E2-463E-8B45-87A1FEEE0B1D"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbk50v:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "54453B5D-4E51-4DAB-8670-5A99C0D4CE3E"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbk52w_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.40",
|
|
"matchCriteriaId": "426AA184-3B9E-42AF-85E2-F034D7E9B845"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbk52w:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B6FABBC7-5C16-4630-8185-AADF3A9D6E69"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.40",
|
|
"matchCriteriaId": "39D6318D-F5A2-4469-B508-075F2825F0FA"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.6.1.40",
|
|
"matchCriteriaId": "1F44708A-C946-4E0F-9D6C-A91AFB4C9EF3"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems",
|
|
"source": "zdi-disclosures@trendmicro.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1430/",
|
|
"source": "zdi-disclosures@trendmicro.com",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
}
|
|
]
|
|
} |