8.8
CVE-2021-34991
- EPSS 0.57%
- Published 15.11.2021 16:15:09
- Last modified 21.11.2024 06:11:39
- Source zdi-disclosures@trendmicro.com
- Teams watchlist Login
- Open Login
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110.
Data is provided by the National Vulnerability Database (NVD)
Netgear ≫ Ex3700 Firmware Version < 1.0.0.94
Netgear ≫ Ex3800 Firmware Version < 1.0.0.94
Netgear ≫ Ex6120 Firmware Version < 1.0.0.66
Netgear ≫ Ex6130 Firmware Version < 1.0.0.66
Netgear ≫ R6400 Firmware Version < 1.0.1.76
Netgear ≫ R6400v2 Firmware Version < 1.0.4.120
Netgear ≫ R6700v3 Firmware Version < 1.0.4.120
Netgear ≫ R6900p Firmware Version < 1.3.3.142
Netgear ≫ R7000 Firmware Version < 1.0.11.128
Netgear ≫ R7000p Firmware Version < 1.3.3.142
Netgear ≫ R7100lg Firmware Version < 1.0.0.72
Netgear ≫ R7850 Firmware Version < 1.0.5.76
Netgear ≫ R7900p Firmware Version < 1.4.2.84
Netgear ≫ R7960p Firmware Version < 1.4.2.84
Netgear ≫ R8000 Firmware Version < 1.0.4.76
Netgear ≫ R8000p Firmware Version < 1.4.2.84
Netgear ≫ R8300 Firmware Version < 1.0.2.156
Netgear ≫ R8500 Firmware Version < 1.0.2.156
Netgear ≫ Rax15 Firmware Version < 1.0.4.100
Netgear ≫ Rax20 Firmware Version < 1.0.4.100
Netgear ≫ Rax200 Firmware Version < 1.0.5.132
Netgear ≫ Rax35v2 Firmware Version < 1.0.4.100
Netgear ≫ Rax38v2 Firmware Version < 1.0.4.100
Netgear ≫ Rax40v2 Firmware Version < 1.0.4.100
Netgear ≫ Rax42 Firmware Version < 1.0.4.100
Netgear ≫ Rax43 Firmware Version < 1.0.4.100
Netgear ≫ Rax45 Firmware Version < 1.0.4.100
Netgear ≫ Rax48 Firmware Version < 1.0.4.100
Netgear ≫ Rax50 Firmware Version < 1.0.4.100
Netgear ≫ Rax50s Firmware Version < 1.0.4.100
Netgear ≫ Rax75 Firmware Version < 1.0.5.132
Netgear ≫ Rax80 Firmware Version < 1.0.5.132
Netgear ≫ Raxe450 Firmware Version < 1.0.8.70
Netgear ≫ Raxe500 Firmware Version < 1.0.8.70
Netgear ≫ Rs400 Firmware Version < 1.5.1.80
Netgear ≫ Wndr3400v3 Firmware Version < 1.0.1.42
Netgear ≫ Wnr3500lv2 Firmware Version < 1.2.0.70
Netgear ≫ Xr300 Firmware Version < 1.0.3.68
Netgear ≫ D6220 Firmware Version < 1.0.0.76
Netgear ≫ D6400 Firmware Version < 1.0.0.108
Netgear ≫ D7000v2 Firmware Version < 1.0.0.76
Netgear ≫ Dgn2200v4 Firmware Version < 1.0.0.126
Netgear ≫ Dc112a Firmware Version < 1.0.0.62
Netgear ≫ Cax80 Firmware Version < 2.1.3.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.57% | 0.674 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 8.3 | 6.5 | 10 |
AV:A/AC:L/Au:N/C:C/I:C/A:C
|
| zdi-disclosures@trendmicro.com | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.