HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2020-27872

CVSS 8.8v3.1pub. 2021-02-04upd. 2024-11-21

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365.

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netgear Ac2100

    HW
    Netgear
    wszystkie wersje
  • Netgear Ac2100 Firmware

    OS
    Netgear
    < 1.2.0.76
  • Netgear Ac2400

    HW
    Netgear
    wszystkie wersje
  • Netgear Ac2400 Firmware

    OS
    Netgear
    < 1.2.0.76
  • Netgear Ac2600

    HW
    Netgear
    wszystkie wersje
  • Netgear Ac2600 Firmware

    OS
    Netgear
    < 1.2.0.76
  • Netgear R6020

    HW
    Netgear
    wszystkie wersje
  • Netgear R6020 Firmware

    OS
    Netgear
    < 1.0.0.48
  • Netgear R6080

    HW
    Netgear
    wszystkie wersje
  • Netgear R6080 Firmware

    OS
    Netgear
    < 1.0.0.48
  • Netgear R6120

    HW
    Netgear
    wszystkie wersje
  • Netgear R6120 Firmware

    OS
    Netgear
    < 1.0.0.76
  • Netgear R6220

    HW
    Netgear
    wszystkie wersje
  • Netgear R6220 Firmware

    OS
    Netgear
    < 1.1.0.104
  • Netgear R6230

    HW
    Netgear
    wszystkie wersje
  • Netgear R6230 Firmware

    OS
    Netgear
    < 1.1.0.104
  • Netgear R6260

    HW
    Netgear
    wszystkie wersje
  • Netgear R6260 Firmware

    OS
    Netgear
    < 1.1.0.78
  • Netgear R6330

    HW
    Netgear
    wszystkie wersje
  • Netgear R6330 Firmware

    OS
    Netgear
    < 1.1.0.78
  • Netgear R6350

    HW
    Netgear
    wszystkie wersje
  • Netgear R6350 Firmware

    OS
    Netgear
    < 1.1.0.78
  • Netgear R6700

    HW
    Netgear
    v2
  • Netgear R6700 Firmware

    OS
    Netgear
    < 1.2.0.76
  • Netgear R6800

    HW
    Netgear
    wszystkie wersje
  • Netgear R6800 Firmware

    OS
    Netgear
    < 1.2.0.76
  • Netgear R6850

    HW
    Netgear
    wszystkie wersje
  • Netgear R6850 Firmware

    OS
    Netgear
    < 1.1.0.78
  • Netgear R6900

    HW
    Netgear
    v2
  • Netgear R6900 Firmware

    OS
    Netgear
    < 1.2.0.76
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2016-10174CRITICAL9.8⚠ KEVten sam produkt

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL...

CVE-2024-30568CRITICAL9.8PL ✓ten sam produkt

Command injection w Netgear R6850 poprzez parametr c4-IPAddr

CVE-2023-30280CRITICAL9.8ten sam produkt

Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows ...

CVE-2021-45501CRITICAL9.4ten sam produkt

Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 bef...

CVE-2021-38516CRITICAL10.0ten sam produkt

Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 befor...