8.8

CVE-2021-27251

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetgearBr200 Firmware Version < 5.10.0.5
   NetgearBr200 Version-
NetgearBr500 Firmware Version < 5.10.0.5
   NetgearBr500 Version-
NetgearD7800 Firmware Version < 1.0.1.60
   NetgearD7800 Version-
NetgearEx6100v2 Firmware Version < 1.0.1.98
   NetgearEx6100 Versionv2
NetgearEx6150 Firmware Version < 1.0.1.98
   NetgearEx6150 Versionv2
NetgearEx6250 Firmware Version < 1.0.0.134
   NetgearEx6250 Version-
NetgearEx6400 Firmware Version < 1.0.2.158
   NetgearEx6400 Version-
NetgearEx6400v2 Firmware Version < 1.0.0.134
   NetgearEx6400 Versionv2
NetgearEx6410 Firmware Version < 1.0.0.134
   NetgearEx6410 Version-
NetgearEx6420 Firmware Version < 1.0.0.134
   NetgearEx6420 Version-
NetgearEx7300 Firmware Version < 1.0.2.158
   NetgearEx7300 Version-
NetgearEx7300v2 Firmware Version < 1.0.0.134
   NetgearEx7300 Versionv2
NetgearEx7320 Firmware Version < 1.0.0.134
   NetgearEx7320 Version-
NetgearEx7700 Firmware Version < 1.0.0.216
   NetgearEx7700 Version-
NetgearEx8000 Firmware Version < 1.0.1.232
   NetgearEx8000 Version-
NetgearLbr20 Firmware Version < 2.6.3.50
   NetgearLbr20 Version-
NetgearR7800 Firmware Version < 1.0.2.80
   NetgearR7800 Version-
NetgearR8900 Firmware Version < 1.0.5.28
   NetgearR8900 Version-
NetgearR9000 Firmware Version < 1.0.5.28
   NetgearR9000 Version-
NetgearRbk12 Firmware Version < 2.7.2.104
   NetgearRbk12 Version-
NetgearRbk13 Firmware Version < 2.7.2.104
   NetgearRbk13 Version-
NetgearRbk14 Firmware Version < 2.7.2.104
   NetgearRbk14 Version-
NetgearRbk15 Firmware Version < 2.7.2.104
   NetgearRbk15 Version-
NetgearRbk20 Firmware Version < 2.6.2.104
   NetgearRbk20 Version-
NetgearRbk23 Firmware Version < 2.7.2.104
   NetgearRbk23 Version-
NetgearRbk40 Firmware Version < 2.6.2.104
   NetgearRbk40 Version-
NetgearRbk43 Firmware Version < 2.6.2.104
   NetgearRbk43 Version-
NetgearRbk43s Firmware Version < 2.6.2.104
   NetgearRbk43s Version-
NetgearRbk44 Firmware Version < 2.6.2.104
   NetgearRbk44 Version-
NetgearRbk50 Firmware Version < 2.7.2.104
   NetgearRbk50 Version-
NetgearRbk53 Firmware Version < 2.7.2.104
   NetgearRbk53 Version-
NetgearRbr10 Firmware Version < 2.6.2.104
   NetgearRbr10 Version-
NetgearRbr20 Firmware Version < 2.6.2.104
   NetgearRbr20 Version-
NetgearRbr40 Firmware Version < 2.6.2.104
   NetgearRbr40 Version-
NetgearRbr50 Firmware Version < 2.7.2.104
   NetgearRbr50 Version-
NetgearRbs10 Firmware Version < 2.6.2.104
   NetgearRbs10 Version-
NetgearRbs20 Firmware Version < 2.6.2.104
   NetgearRbs20 Version-
NetgearRbs40 Firmware Version < 2.6.2.104
   NetgearRbs40 Version-
NetgearRbs50 Firmware Version < 2.7.2.104
   NetgearRbs50 Version-
NetgearRbs50y Firmware Version < 2.6.2.104
   NetgearRbs50y Version-
NetgearXr450 Firmware Version < 2.3.2.114
   NetgearXr450 Version-
NetgearXr500 Firmware Version < 2.3.2.114
   NetgearXr500 Version-
NetgearXr700 Firmware Version < 1.0.1.38
   NetgearXr700 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.3% 0.524
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 8.3 6.5 10
AV:A/AC:L/Au:N/C:C/I:C/A:C
zdi-disclosures@trendmicro.com 8.8 2.8 5.9
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.