cnvd - cnvd-2022-06704

cnvd-2022-06704

Vulnerability from cnvd

Title

NETGEAR R7450认证绕过漏洞

Description

NETGEAR R7450是美国网件（Netgear）公司的一款路由器。连接两个或多个网络的硬件设备，在网络间起网关的作用。 NETGEAR R7450存在认证绕过漏洞，该漏洞源于密码恢复过程中状态跟踪不当。攻击者可利用该漏洞绕过认证。

Severity

中

Patch Name

NETGEAR R7450认证绕过漏洞的补丁

Patch Description

NETGEAR R7450是美国网件（Netgear）公司的一款路由器。连接两个或多个网络的硬件设备，在网络间起网关的作用。 NETGEAR R7450存在认证绕过漏洞，该漏洞源于密码恢复过程中状态跟踪不当。攻击者可利用该漏洞绕过认证。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-27872

Impacted products

Name
['NETGEAR R6260 <1.1.0.78', 'NETGEAR R7450 <1.2.0.76', 'NETGEAR AC2100 <1.2.0.76', 'NETGEAR AC2400 <1.2.0.76', 'NETGEAR R6020 <1.0.0.48', 'NETGEAR R6080 <1.0.0.48', 'NETGEAR R6800 <1.2.0.76', 'NETGEAR R6850 <1.1.0.78', 'NETGEAR R7200 <1.2.0.76', 'NETGEAR R7350 <1.2.0.76', 'NETGEAR R7400 <1.2.0.76', 'NETGEAR AC2600 <1.2.0.76', 'NETGEAR R6350 <1.1.0.78', 'NETGEAR R6330 <1.1.0.78', 'NETGEAR R6700 <1.2.0.76', 'NETGEAR R6900 <1.2.0.76', 'NETGEAR R6220 <1.1.0.104', 'NETGEAR R6230 <1.1.0.104']

Name

['NETGEAR R6260 <1.1.0.78', 'NETGEAR R7450 <1.2.0.76', 'NETGEAR AC2100 <1.2.0.76', 'NETGEAR AC2400 <1.2.0.76', 'NETGEAR R6020 <1.0.0.48', 'NETGEAR R6080 <1.0.0.48', 'NETGEAR R6800 <1.2.0.76', 'NETGEAR R6850 <1.1.0.78', 'NETGEAR R7200 <1.2.0.76', 'NETGEAR R7350 <1.2.0.76', 'NETGEAR R7400 <1.2.0.76', 'NETGEAR AC2600 <1.2.0.76', 'NETGEAR R6350 <1.1.0.78', 'NETGEAR R6330 <1.1.0.78', 'NETGEAR R6700 <1.2.0.76', 'NETGEAR R6900 <1.2.0.76', 'NETGEAR R6220 <1.1.0.104', 'NETGEAR R6230 <1.1.0.104']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-27872",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-27872"
    }
  },
  "description": "NETGEAR R7450\u662f\u7f8e\u56fd\u7f51\u4ef6\uff08Netgear\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u8def\u7531\u5668\u3002\u8fde\u63a5\u4e24\u4e2a\u6216\u591a\u4e2a\u7f51\u7edc\u7684\u786c\u4ef6\u8bbe\u5907\uff0c\u5728\u7f51\u7edc\u95f4\u8d77\u7f51\u5173\u7684\u4f5c\u7528\u3002\n\nNETGEAR R7450\u5b58\u5728\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bc6\u7801\u6062\u590d\u8fc7\u7a0b\u4e2d\u72b6\u6001\u8ddf\u8e2a\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8ba4\u8bc1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-06704",
  "openTime": "2022-01-25",
  "patchDescription": "NETGEAR R7450\u662f\u7f8e\u56fd\u7f51\u4ef6\uff08Netgear\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u8def\u7531\u5668\u3002\u8fde\u63a5\u4e24\u4e2a\u6216\u591a\u4e2a\u7f51\u7edc\u7684\u786c\u4ef6\u8bbe\u5907\uff0c\u5728\u7f51\u7edc\u95f4\u8d77\u7f51\u5173\u7684\u4f5c\u7528\u3002\r\n\r\nNETGEAR R7450\u5b58\u5728\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bc6\u7801\u6062\u590d\u8fc7\u7a0b\u4e2d\u72b6\u6001\u8ddf\u8e2a\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8ba4\u8bc1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NETGEAR R7450\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "NETGEAR R6260 \u003c1.1.0.78",
      "NETGEAR R7450 \u003c1.2.0.76",
      "NETGEAR AC2100 \u003c1.2.0.76",
      "NETGEAR AC2400 \u003c1.2.0.76",
      "NETGEAR R6020 \u003c1.0.0.48",
      "NETGEAR R6080 \u003c1.0.0.48",
      "NETGEAR R6800 \u003c1.2.0.76",
      "NETGEAR R6850 \u003c1.1.0.78",
      "NETGEAR R7200 \u003c1.2.0.76",
      "NETGEAR R7350 \u003c1.2.0.76",
      "NETGEAR R7400 \u003c1.2.0.76",
      "NETGEAR AC2600 \u003c1.2.0.76",
      "NETGEAR R6350 \u003c1.1.0.78",
      "NETGEAR R6330 \u003c1.1.0.78",
      "NETGEAR R6700 \u003c1.2.0.76",
      "NETGEAR R6900 \u003c1.2.0.76",
      "NETGEAR R6220 \u003c1.1.0.104",
      "NETGEAR R6230 \u003c1.1.0.104"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-27872",
  "serverity": "\u4e2d",
  "submitTime": "2021-02-06",
  "title": "NETGEAR R7450\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2020-27872 (GCVE-0-2020-27872)

Vulnerability from cvelistv5

Published

2021-02-04 16:45

Modified

2024-08-04 16:25

Severity ?

8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-642 - External Control of Critical State Data

Summary

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365.

References

URL

Tags

	https://www.zerodayinitiative.com/advisories/ZDI-21-071/	x_refsource_MISC
	https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers	x_refsource_MISC