Lucene search

ZdiCVE-2021-27253

HistoryApr 14, 2021 - 4:15 p.m.

CVE-2021-27253

2021-04-1416:15:13

CWE-787

CWE-122

zdi

web.nvd.nist.gov

cve-2021-27253

vulnerability

netgear

nighthawk r7800

code execution

authentication bypass

zdi-can-12303

nvd

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

53.1%

JSON

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303.

Affected configurations

Nvd

Vulners

Node

netgearbr200_firmwareRange<5.10.0.5

AND

netgearbr200Match-

Node

netgearbr500_firmwareRange<5.10.0.5

AND

netgearbr500Match-

Node

netgeard7800_firmwareRange<1.0.1.60

AND

netgeard7800Match-

Node

netgearex6100v2_firmwareRange<1.0.1.98

AND

netgearex6100Matchv2

Node

netgearex6150_firmwareRange<1.0.1.98

AND

netgearex6150Matchv2

Node

netgearex6250_firmwareRange<1.0.0.134

AND

netgearex6250Match-

Node

netgearex6400_firmwareRange<1.0.2.158

AND

netgearex6400Match-

Node

netgearex6400v2_firmwareRange<1.0.0.134

AND

netgearex6400Matchv2

Node

netgearex6410_firmwareRange<1.0.0.134

AND

netgearex6410Match-

Node

netgearex6420_firmwareRange<1.0.0.134

AND

netgearex6420Match-

Node

netgearex7300_firmwareRange<1.0.2.158

AND

netgearex7300Match-

Node

netgearex7300v2_firmwareRange<1.0.0.134

AND

netgearex7300Matchv2

Node

netgearex7320_firmwareRange<1.0.0.134

AND

netgearex7320Match-

Node

netgearex7700_firmwareRange<1.0.0.216

AND

netgearex7700Match-

Node

netgearex8000_firmwareRange<1.0.1.232

AND

netgearex8000Match-

Node

netgearlbr20_firmwareRange<2.6.3.50

AND

netgearlbr20Match-

Node

netgearr7800_firmwareRange<1.0.2.80

AND

netgearr7800Match-

Node

netgearr8900_firmwareRange<1.0.5.28

AND

netgearr8900Match-

Node

netgearr9000_firmwareRange<1.0.5.28

AND

netgearr9000Match-

Node

netgearrbk12_firmwareRange<2.7.2.104

AND

netgearrbk12Match-

Node

netgearrbk13_firmwareRange<2.7.2.104

AND

netgearrbk13Match-

Node

netgearrbk14_firmwareRange<2.7.2.104

AND

netgearrbk14Match-

Node

netgearrbk15_firmwareRange<2.7.2.104

AND

netgearrbk15Match-

Node

netgearrbk20_firmwareRange<2.6.2.104

AND

netgearrbk20Match-

Node

netgearrbk23_firmwareRange<2.7.2.104

AND

netgearrbk23Match-

Node

netgearrbk40_firmwareRange<2.6.2.104

AND

netgearrbk40Match-

Node

netgearrbk43_firmwareRange<2.6.2.104

AND

netgearrbk43Match-

Node

netgearrbk43s_firmwareRange<2.6.2.104

AND

netgearrbk43sMatch-

Node

netgearrbk44_firmwareRange<2.6.2.104

AND

netgearrbk44Match-

Node

netgearrbk50_firmwareRange<2.7.2.104

AND

netgearrbk50Match-

Node

netgearrbk53_firmwareRange<2.7.2.104

AND

netgearrbk53Match-

Node

netgearrbr10_firmwareRange<2.6.2.104

AND

netgearrbr10Match-

Node

netgearrbr20_firmwareRange<2.6.2.104

AND

netgearrbr20Match-

Node

netgearrbr40_firmwareRange<2.6.2.104

AND

netgearrbr40Match-

Node

netgearrbr50_firmwareRange<2.7.2.104

AND

netgearrbr50Match-

Node

netgearrbs10_firmwareRange<2.6.2.104

AND

netgearrbs10Match-

Node

netgearrbs20_firmwareRange<2.6.2.104

AND

netgearrbs20Match-

Node

netgearrbs40_firmwareRange<2.6.2.104

AND

netgearrbs40Match-

Node

netgearrbs50_firmwareRange<2.7.2.104

AND

netgearrbs50Match-

Node

netgearrbs50y_firmwareRange<2.6.2.104

AND

netgearrbs50yMatch-

Node

netgearxr450_firmwareRange<2.3.2.114

AND

netgearxr450Match-

Node

netgearxr500_firmwareRange<2.3.2.114

AND

netgearxr500Match-

Node

netgearxr700_firmwareRange<1.0.1.38

AND

netgearxr700Match-

VendorProductVersionCPE
netgearbr200_firmware*cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*
netgearbr200-cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*
netgearbr500_firmware*cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*
netgearbr500-cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*
netgeard7800_firmware*cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*
netgeard7800-cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*
netgearex6100v2_firmware*cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*
netgearex6100v2cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*
netgearex6150_firmware*cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*
netgearex6150v2cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	br200_firmware	*	cpe:2.3:o:netgear:br200_firmware::::::::
netgear	br200	-	cpe:2.3:h:netgear:br200:-:::::::*
netgear	br500_firmware	*	cpe:2.3:o:netgear:br500_firmware::::::::
netgear	br500	-	cpe:2.3:h:netgear:br500:-:::::::*
netgear	d7800_firmware	*	cpe:2.3:o:netgear:d7800_firmware::::::::
netgear	d7800	-	cpe:2.3:h:netgear:d7800:-:::::::*
netgear	ex6100v2_firmware	*	cpe:2.3:o:netgear:ex6100v2_firmware::::::::
netgear	ex6100	v2	cpe:2.3:h:netgear:ex6100:v2:::::::*
netgear	ex6150_firmware	*	cpe:2.3:o:netgear:ex6150_firmware::::::::
netgear	ex6150	v2	cpe:2.3:h:netgear:ex6150:v2:::::::*

Rows per page:

1-10 of 861

CNA Affected

[
  {
    "product": "R7800",
    "vendor": "NETGEAR",
    "versions": [
      {
        "status": "affected",
        "version": "firmware version 1.0.2.76"
      }
    ]
  }
]

References

kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders

www.zerodayinitiative.com/advisories/ZDI-21-249/

Social References

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

53.1%

JSON

Related for CVE-2021-27253