CVE-2021-27253

EPSS 0.74%
Published 14.04.2021 16:15:13
Last modified 21.11.2024 05:57:41
Source zdi-disclosures@trendmicro.com
Teams watchlist Login
Open Login

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303.

Affected products Warnungen 0 Metrics 4 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Netgear ≫ Br200 Firmware Version < 5.10.0.5

Netgear ≫ Br200 Version-

Netgear ≫ Br500 Firmware Version < 5.10.0.5

Netgear ≫ Br500 Version-

Netgear ≫ D7800 Firmware Version < 1.0.1.60

Netgear ≫ D7800 Version-

Netgear ≫ Ex6100v2 Firmware Version < 1.0.1.98

Netgear ≫ Ex6100 Versionv2

Netgear ≫ Ex6150 Firmware Version < 1.0.1.98

Netgear ≫ Ex6150 Versionv2

Netgear ≫ Ex6250 Firmware Version < 1.0.0.134

Netgear ≫ Ex6250 Version-

Netgear ≫ Ex6400 Firmware Version < 1.0.2.158

Netgear ≫ Ex6400 Version-

Netgear ≫ Ex6400v2 Firmware Version < 1.0.0.134

Netgear ≫ Ex6400 Versionv2

Netgear ≫ Ex6410 Firmware Version < 1.0.0.134

Netgear ≫ Ex6410 Version-

Netgear ≫ Ex6420 Firmware Version < 1.0.0.134

Netgear ≫ Ex6420 Version-

Netgear ≫ Ex7300 Firmware Version < 1.0.2.158

Netgear ≫ Ex7300 Version-

Netgear ≫ Ex7300v2 Firmware Version < 1.0.0.134

Netgear ≫ Ex7300 Versionv2

Netgear ≫ Ex7320 Firmware Version < 1.0.0.134

Netgear ≫ Ex7320 Version-

Netgear ≫ Ex7700 Firmware Version < 1.0.0.216

Netgear ≫ Ex7700 Version-

Netgear ≫ Ex8000 Firmware Version < 1.0.1.232

Netgear ≫ Ex8000 Version-

Netgear ≫ Lbr20 Firmware Version < 2.6.3.50

Netgear ≫ Lbr20 Version-

Netgear ≫ R7800 Firmware Version < 1.0.2.80

Netgear ≫ R7800 Version-

Netgear ≫ R8900 Firmware Version < 1.0.5.28

Netgear ≫ R8900 Version-

Netgear ≫ R9000 Firmware Version < 1.0.5.28

Netgear ≫ R9000 Version-

Netgear ≫ Rbk12 Firmware Version < 2.7.2.104

Netgear ≫ Rbk12 Version-

Netgear ≫ Rbk13 Firmware Version < 2.7.2.104

Netgear ≫ Rbk13 Version-

Netgear ≫ Rbk14 Firmware Version < 2.7.2.104

Netgear ≫ Rbk14 Version-

Netgear ≫ Rbk15 Firmware Version < 2.7.2.104

Netgear ≫ Rbk15 Version-

Netgear ≫ Rbk20 Firmware Version < 2.6.2.104

Netgear ≫ Rbk20 Version-

Netgear ≫ Rbk23 Firmware Version < 2.7.2.104

Netgear ≫ Rbk23 Version-

Netgear ≫ Rbk40 Firmware Version < 2.6.2.104

Netgear ≫ Rbk40 Version-

Netgear ≫ Rbk43 Firmware Version < 2.6.2.104

Netgear ≫ Rbk43 Version-

Netgear ≫ Rbk43s Firmware Version < 2.6.2.104

Netgear ≫ Rbk43s Version-

Netgear ≫ Rbk44 Firmware Version < 2.6.2.104

Netgear ≫ Rbk44 Version-

Netgear ≫ Rbk50 Firmware Version < 2.7.2.104

Netgear ≫ Rbk50 Version-

Netgear ≫ Rbk53 Firmware Version < 2.7.2.104

Netgear ≫ Rbk53 Version-

Netgear ≫ Rbr10 Firmware Version < 2.6.2.104

Netgear ≫ Rbr10 Version-

Netgear ≫ Rbr20 Firmware Version < 2.6.2.104

Netgear ≫ Rbr20 Version-

Netgear ≫ Rbr40 Firmware Version < 2.6.2.104

Netgear ≫ Rbr40 Version-

Netgear ≫ Rbr50 Firmware Version < 2.7.2.104

Netgear ≫ Rbr50 Version-

Netgear ≫ Rbs10 Firmware Version < 2.6.2.104

Netgear ≫ Rbs10 Version-

Netgear ≫ Rbs20 Firmware Version < 2.6.2.104

Netgear ≫ Rbs20 Version-

Netgear ≫ Rbs40 Firmware Version < 2.6.2.104

Netgear ≫ Rbs40 Version-

Netgear ≫ Rbs50 Firmware Version < 2.7.2.104

Netgear ≫ Rbs50 Version-

Netgear ≫ Rbs50y Firmware Version < 2.6.2.104

Netgear ≫ Rbs50y Version-

Netgear ≫ Xr450 Firmware Version < 2.3.2.114

Netgear ≫ Xr450 Version-

Netgear ≫ Xr500 Firmware Version < 2.3.2.114

Netgear ≫ Xr500 Version-

Netgear ≫ Xr700 Firmware Version < 1.0.1.38

Netgear ≫ Xr700 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.74%	0.721

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	8.3	6.5	10	AV:A/AC:L/Au:N/C:C/I:C/A:C
zdi-disclosures@trendmicro.com	8.8	2.8	5.9	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders

Patch

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-249/

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2021-27253

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-27253

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-27253

EUVD