This vulnerability allows network-adjacent malicious users to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
netgear cbk40 firmware |
||
netgear cbk43 firmware |
||
netgear cbr40 firmware |
||
netgear ex6200 firmware |
||
netgear ex7700 firmware |
||
netgear ex8000 firmware |
||
netgear rbk12 firmware |
||
netgear rbk13 firmware |
||
netgear rbk14 firmware |
||
netgear rbk15 firmware |
||
netgear rbr10 firmware |
||
netgear rbs10 firmware |
||
netgear rbk20w firmware |
||
netgear rbk23w firmware |
||
netgear rbk20 router firmware |
||
netgear rbk20 satellite firmware |
||
netgear rbk22 router firmware |
||
netgear rbk22 satellite firmware |
||
netgear rbk23 router firmware |
||
netgear rbk23 satellite firmware |
||
netgear rbr20 firmware |
||
netgear rbs20 firmware |
||
netgear rbk30 firmware |
||
netgear rbk33 firmware |
||
netgear rbk40 router firmware |
||
netgear rbk40 satellite firmware |
||
netgear rbk43 router firmware |
||
netgear rbk43 satellite firmware |
||
netgear rbk43s router firmware |
||
netgear rbk43s satellite firmware |
||
netgear rbk44 router firmware |
||
netgear rbk44 satellite firmware |
||
netgear rbr40 firmware |
||
netgear rbs40 firmware |
||
netgear rbk50 firmware |
||
netgear rbk50v firmware |
||
netgear rbk52w firmware |
||
netgear rbr50 firmware |
||
netgear rbs50 firmware |
Vulmon