8.8
CVE-2021-27239
- EPSS 2.59%
- Published 29.03.2021 21:15:12
- Last modified 21.11.2024 05:57:39
- Source zdi-disclosures@trendmicro.com
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on UDP port 1900 by default. A crafted MX header field in an SSDP message can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11851.
Data is provided by the National Vulnerability Database (NVD)
Netgear ≫ D6220 Firmware Version < 1.0.0.68
Netgear ≫ D6400 Firmware Version < 1.0.0.102
Netgear ≫ D7000 Firmware Version < 1.0.0.66
Netgear ≫ D8500 Firmware Version < 1.0.3.60
Netgear ≫ Dc112a Firmware Version < 1.0.0.54
Netgear ≫ Ex7000 Firmware Version < 1.0.1.94
Netgear ≫ Ex7500 Firmware Version < 1.0.0.72
Netgear ≫ R6250 Firmware Version < 1.0.4.48
Netgear ≫ R6300 Firmware Version < 1.0.4.50
Netgear ≫ R6400 Firmware Version < 1.0.1.68
Netgear ≫ R6400 Firmware Version < 1.0.4.102
Netgear ≫ R6700 Firmware Version < 1.0.4.102
Netgear ≫ R6900p Firmware Version < 1.3.2.132
Netgear ≫ R7000 Firmware Version < 1.0.11.116
Netgear ≫ R7000p Firmware Version < 1.3.2.132
Netgear ≫ R7100lg Firmware Version < 1.0.0.64
Netgear ≫ R7850 Firmware Version < 1.0.5.68
Netgear ≫ R7900 Firmware Version < 1.0.4.38
Netgear ≫ R7900p Firmware Version < 1.4.1.68
Netgear ≫ R7960p Firmware Version < 1.4.1.68
Netgear ≫ R8000 Firmware Version < 1.0.4.68
Netgear ≫ R8000p Firmware Version < 1.4.1.68
Netgear ≫ R8300 Firmware Version < 1.0.2.144
Netgear ≫ R8500 Firmware Version < 1.0.2.144
Netgear ≫ Rax200 Firmware Version < 1.0.2.88
Netgear ≫ Rax75 Firmware Version < 1.0.3.102
Netgear ≫ Rax80 Firmware Version < 1.0.3.102
Netgear ≫ Rbr750 Firmware Version < 3.2.17.12
Netgear ≫ Rbr850 Firmware Version < 3.2.17.12
Netgear ≫ Rbs40v Firmware Version < 2.6.2.4
Netgear ≫ Rbs750 Firmware Version < 3.2.17.12
Netgear ≫ Rbs850 Firmware Version < 3.2.17.12
Netgear ≫ Rs400 Firmware Version <= 1.5.0.68
Netgear ≫ Wndr3400 Firmware Version < 1.0.1.38
Netgear ≫ Wnr3500l Firmware Version < 1.2.0.66
Netgear ≫ Xr300 Firmware Version < 1.0.3.56
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 2.59% | 0.85 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 8.3 | 6.5 | 10 | AV:A/AC:L/Au:N/C:C/I:C/A:C |
zdi-disclosures@trendmicro.com | 8.8 | 2.8 | 5.9 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).