This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365.
References
Link | Resource |
---|---|
https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers | Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-21-071/ | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
AND |
|
Configuration 16 (hide)
AND |
|
Configuration 17 (hide)
AND |
|
Configuration 18 (hide)
AND |
|
Configuration 19 (hide)
AND |
|
History
08 Feb 2021, 20:12
Type | Values Removed | Values Added |
---|---|---|
References | (N/A) https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers - Vendor Advisory | |
References | (N/A) https://www.zerodayinitiative.com/advisories/ZDI-21-071/ - Third Party Advisory, VDB Entry | |
CWE | CWE-668 | |
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 8.8 |
CPE | cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:* cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:* |
04 Feb 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
Summary | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365. |
04 Feb 2021, 18:27
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-04 17:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-27872
Mitre link : CVE-2020-27872
CVE.ORG link : CVE-2020-27872
JSON object : View
Products Affected
netgear
- r7200_firmware
- r6120_firmware
- r6900
- r6020
- r6900_firmware
- r6800
- r6850_firmware
- r6080
- r6260_firmware
- r6220_firmware
- r7350
- ac2600_firmware
- r7400
- r6120
- r6700
- r6800_firmware
- r7450
- ac2100_firmware
- r7200
- r7450_firmware
- r6850
- r7350_firmware
- r6330
- ac2400_firmware
- r6220
- ac2400
- r6700_firmware
- ac2600
- r6230
- r6260
- r6080_firmware
- r6020_firmware
- r6350
- ac2100
- r6230_firmware
- r6330_firmware
- r7400_firmware
- r6350_firmware