How severe is CVE-2020-27867?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2020-27867?

This is classified as CWE-77, which is a common weakness in software security.

CVE-2020-27867

MEDIUM Year: 2020

CVSS v3 Score

6.8

Medium

CVSS v2 Score

7.7

High

Weakness Type

CWE-77

View all →

Vulnerability Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. When parsing the funjsq_access_token parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11653.

CVE-2016-9337

MEDIUM

CVSS:6.8(Medium)

An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to comma...

CWE-772016

CVE-2019-20688

MEDIUM

CVSS:6.8(Medium)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 b...

CWE-772019

CVE-2019-20689

MEDIUM

CVSS:6.8(Medium)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v...

CWE-772019

CVE-2019-20718

MEDIUM

CVSS:6.8(Medium)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D8500 before 1.0.3.43, R6250 bef...

CWE-772019

CVE-2019-20722

MEDIUM

CVSS:6.8(Medium)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 bef...

CWE-772019

CVE-2019-20724

MEDIUM

CVSS:6.8(Medium)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, D7800 before 1.0.1.44, R7500v2 bef...

CWE-772019

CVE-2020-27867

Vulnerability Description

Related Vulnerabilities

CVE-2016-9337

CVE-2019-20688

CVE-2019-20689

CVE-2019-20718

CVE-2019-20722

CVE-2019-20724