CVE-2021-34982

EPSS 5.57%
Published 07.05.2024 23:15:13
Last modified 14.08.2025 01:41:19
Source zdi-disclosures@trendmicro.com
Teams watchlist Login
Open Login

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.




. Was ZDI-CAN-13709.

Affected products Warnungen 0 Metrics 2 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Netgear ≫ Dc112a Firmware Version < 1.0.0.62

Netgear ≫ Dc112a Version-

Netgear ≫ Ex3700 Firmware Version < 1.0.0.94

Netgear ≫ Ex3700 Version-

Netgear ≫ Ex3800 Firmware Version < 1.0.0.94

Netgear ≫ Ex3800 Version-

Netgear ≫ Ex6120 Firmware Version < 1.0.0.66

Netgear ≫ Ex6120 Version-

Netgear ≫ Ex6130 Firmware Version < 1.0.0.46

Netgear ≫ Ex6130 Version-

Netgear ≫ Ex7000 Firmware Version < 1.0.1.106

Netgear ≫ Ex7000 Version-

Netgear ≫ Ex7500 Firmware Version < 1.0.1.76

Netgear ≫ Ex7500 Version-

Netgear ≫ Mr60 Firmware Version < 1.1.6.122

Netgear ≫ Mr60 Version-

Netgear ≫ Mr80 Firmware Version < 1.1.6.10

Netgear ≫ Mr80 Version-

Netgear ≫ Ms60 Firmware Version < 1.1.6.122

Netgear ≫ Ms60 Version-

Netgear ≫ Ms80 Firmware Version < 1.1.6.10

Netgear ≫ Ms80 Version-

Netgear ≫ Lax20 Firmware Version < 1.1.6.30

Netgear ≫ Lax20 Version-

Netgear ≫ R6400 Firmware Version < 1.0.1.76

Netgear ≫ R6400 Version-

Netgear ≫ R6400v2 Firmware Version < 1.0.4.120

Netgear ≫ R6400v2 Version-

Netgear ≫ R6700v3 Firmware Version < 1.0.4.120

Netgear ≫ R6700v3 Version-

Netgear ≫ R6900p Firmware Version < 1.3.3.148

Netgear ≫ R6900p Version-

Netgear ≫ R7000 Firmware Version < 1.0.11.128

Netgear ≫ R7000 Version-

Netgear ≫ R7000p Firmware Version < 1.3.3.148

Netgear ≫ R7000p Version-

Netgear ≫ R7100lg Firmware Version < 1.0.0.72

Netgear ≫ R7100lg Version-

Netgear ≫ R7850 Firmware Version < 1.0.5.76

Netgear ≫ R7850 Version-

Netgear ≫ R7900p Firmware Version < 1.4.2.84

Netgear ≫ R7900p Version-

Netgear ≫ R7960p Firmware Version < 1.4.2.84

Netgear ≫ R7960p Version-

Netgear ≫ R8000 Firmware Version < 1.0.4.76

Netgear ≫ R8000 Version-

Netgear ≫ R8000p Firmware Version < 1.4.2.84

Netgear ≫ R8000p Version-

Netgear ≫ R8300 Firmware Version < 1.0.2.156

Netgear ≫ R8300 Version-

Netgear ≫ R8500 Firmware Version < 1.0.2.156

Netgear ≫ R8500 Version-

Netgear ≫ Rax15 Firmware Version < 1.0.4.100

Netgear ≫ Rax15 Version-

Netgear ≫ Rax20 Firmware Version < 1.0.4.100

Netgear ≫ Rax20 Version-

Netgear ≫ Rax200 Firmware Version < 1.0.5.132

Netgear ≫ Rax200 Version-

Netgear ≫ Rax35v2 Firmware Version < 1.0.4.100

Netgear ≫ Rax35v2 Version-

Netgear ≫ Rax38v2 Firmware Version < 1.0.4.100

Netgear ≫ Rax38v2 Version-

Netgear ≫ Rax40v2 Firmware Version < 1.0.4.100

Netgear ≫ Rax40v2 Version-

Netgear ≫ Rax42 Firmware Version < 1.0.4.100

Netgear ≫ Rax42 Version-

Netgear ≫ Rax43 Firmware Version < 1.0.4.100

Netgear ≫ Rax43 Version-

Netgear ≫ Rax45 Firmware Version < 1.0.4.100

Netgear ≫ Rax45 Version-

Netgear ≫ Rax48 Firmware Version < 1.0.4.100

Netgear ≫ Rax48 Version-

Netgear ≫ Rax50 Firmware Version < 1.0.4.100

Netgear ≫ Rax50 Version-

Netgear ≫ Rax50s Firmware Version < 1.0.4.100

Netgear ≫ Rax50s Version-

Netgear ≫ Rax75 Firmware Version < 1.0.5.132

Netgear ≫ Rax75 Version-

Netgear ≫ Rax80 Firmware Version < 1.0.5.132

Netgear ≫ Rax80 Version-

Netgear ≫ Raxe450 Firmware Version < 1.0.8.70

Netgear ≫ Raxe450 Version-

Netgear ≫ Raxe500 Firmware Version < 1.0.8.70

Netgear ≫ Raxe500 Version-

Netgear ≫ Rs400 Firmware Version < 1.5.1.80

Netgear ≫ Rs400 Version-

Netgear ≫ Wndr3400v3 Firmware Version < 1.0.1.42

Netgear ≫ Wndr3400v3 Version-

Netgear ≫ Wnr3500lv2 Firmware Version < 1.2.0.70

Netgear ≫ Wnr3500lv2 Version-

Netgear ≫ Xr1000 Firmware Version < 1.0.0.64

Netgear ≫ Xr1000 Version-

Netgear ≫ Xr300 Firmware Version < 1.0.3.68

Netgear ≫ Xr300 Version-

Netgear ≫ D6220 Firmware Version < 1.0.0.76

Netgear ≫ D6220 Version-

Netgear ≫ D6400 Firmware Version < 1.0.0.108

Netgear ≫ D6400 Version-

Netgear ≫ D7000v2 Firmware Version < 1.0.0.76

Netgear ≫ D7000v2 Version-

Netgear ≫ Dgn2200v4 Firmware Version < 1.0.0.126

Netgear ≫ Dgn2200v4 Version-

Netgear ≫ V6510-1fxaus Firmware Version < 1.0.0.80

Netgear ≫ V6510-1fxaus Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.57%	0.899

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
zdi-disclosures@trendmicro.com	8.8	2.8	5.9	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-1274/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-34982

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-34982

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-34982

EUVD