Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-34991
HistoryNov 15, 2021 - 4:15 p.m.

CVE-2021-34991

2021-11-1516:15:09
CWE-121
CWE-787
[email protected]
web.nvd.nist.gov
74
cve-2021-34991
netgear
r6400v2
vulnerability
remote code execution
upnp
security
exploit

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

53.9%

JSON

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110.

Affected configurations

NVD
Node
netgearex3700Match-
AND
netgearex3700_firmwareRange<1.0.0.94
Node
netgearex3800Match-
AND
netgearex3800_firmwareRange<1.0.0.94
Node
netgearex6120Match-
AND
netgearex6120_firmwareRange<1.0.0.66
Node
netgearex6130Match-
AND
netgearex6130_firmwareRange<1.0.0.66
Node
netgearr6400Match-
AND
netgearr6400_firmwareRange<1.0.1.76
Node
netgearr6400v2Match-
AND
netgearr6400v2_firmwareRange<1.0.4.120
Node
netgearr6700v3Match-
AND
netgearr6700v3_firmwareRange<1.0.4.120
Node
netgearr6900pMatch-
AND
netgearr6900p_firmwareRange<1.3.3.142
Node
netgearr7000_firmwareRange<1.0.11.128
AND
netgearr7000Match-
Node
netgearr7000p_firmwareRange<1.3.3.142
AND
netgearr7000pMatch-
Node
netgearr7100lg_firmwareRange<1.0.0.72
AND
netgearr7100lgMatch-
Node
netgearr7850_firmwareRange<1.0.5.76
AND
netgearr7850Match-
Node
netgearr7900p_firmwareRange<1.4.2.84
AND
netgearr7900pMatch-
Node
netgearr7960p_firmwareRange<1.4.2.84
AND
netgearr7960pMatch-
Node
netgearr8000_firmwareRange<1.0.4.76
AND
netgearr8000Match-
Node
netgearr8000p_firmwareRange<1.4.2.84
AND
netgearr8000pMatch-
Node
netgearr8300_firmwareRange<1.0.2.156
AND
netgearr8300Match-
Node
netgearr8500_firmwareRange<1.0.2.156
AND
netgearr8500Match-
Node
netgearrax15_firmwareRange<1.0.4.100
AND
netgearrax15Match-
Node
netgearrax20_firmwareRange<1.0.4.100
AND
netgearrax20Match-
Node
netgearrax200_firmwareRange<1.0.5.132
AND
netgearrax200Match-
Node
netgearrax35v2_firmwareRange<1.0.4.100
AND
netgearrax35v2Match-
Node
netgearrax38v2_firmwareRange<1.0.4.100
AND
netgearrax38v2Match-
Node
netgearrax40v2_firmwareRange<1.0.4.100
AND
netgearrax40v2Match-
Node
netgearrax42_firmwareRange<1.0.4.100
AND
netgearrax42Match-
Node
netgearrax43_firmwareRange<1.0.4.100
AND
netgearrax43Match-
Node
netgearrax45_firmwareRange<1.0.4.100
AND
netgearrax45Match-
Node
netgearrax48_firmwareRange<1.0.4.100
AND
netgearrax48Match-
Node
netgearrax50_firmwareRange<1.0.4.100
AND
netgearrax50Match-
Node
netgearrax50s_firmwareRange<1.0.4.100
AND
netgearrax50sMatch-
Node
netgearrax75_firmwareRange<1.0.5.132
AND
netgearrax75Match-
Node
netgearrax80_firmwareRange<1.0.5.132
AND
netgearrax80Match-
Node
netgearraxe450_firmwareRange<1.0.8.70
AND
netgearraxe450Match-
Node
netgearraxe500_firmwareRange<1.0.8.70
AND
netgearraxe500Match-
Node
netgearrs400_firmwareRange<1.5.1.80
AND
netgearrs400Match-
Node
netgearwndr3400v3_firmwareRange<1.0.1.42
AND
netgearwndr3400v3Match-
Node
netgearwnr3500lv2_firmwareRange<1.2.0.70
AND
netgearwnr3500lv2Match-
Node
netgearxr300_firmwareRange<1.0.3.68
AND
netgearxr300Match-
Node
netgeard6220_firmwareRange<1.0.0.76
AND
netgeard6220Match-
Node
netgeard6400_firmwareRange<1.0.0.108
AND
netgeard6400Match-
Node
netgeard7000v2_firmwareRange<1.0.0.76
AND
netgeard7000v2Match-
Node
netgeardgn2200v4_firmwareRange<1.0.0.126
AND
netgeardgn2200v4Match-
Node
netgeardc112a_firmwareRange<1.0.0.62
AND
netgeardc112aMatch-
Node
netgearcax80_firmwareRange<2.1.3.5
AND
netgearcax80Match-

CNA Affected

[
  {
    "product": "R6400v2",
    "vendor": "NETGEAR",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.4.106_10.0.80"
      }
    ]
  }
]

Related

nvd 1
cnvd 1
cvelist 1
malwarebytes 1
prion 1
zdi 1
thn 1
nvd
nvd
CVE-2021-34991
2021-11-15 16:15:09
cnvd
cnvd
NETGEAR R6400v2 Buffer Overflow Vulnerability
2021-11-13 00:00:00
cvelist
cvelist
CVE-2021-34991
2021-11-15 15:40:16
malwarebytes
malwarebytes
Update now! Netgear vulnerability patched
2021-11-18 13:34:27
prion
prion
Stack overflow
2021-11-15 16:15:00
zdi
zdi
NETGEAR R6400v2 UPnP uuid Stack-based Buffer Overflow Remote Code Execution Vulnerability
2021-11-11 00:00:00
thn
thn
Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models
2021-11-18 12:59:00

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

53.9%

JSON
Related for CVE-2021-34991
nvd1cnvd1cvelist1malwarebytes1prion1zdi1thn1