Lucene search

[email protected]CVE-2021-34991

HistoryNov 15, 2021 - 4:15 p.m.

CVE-2021-34991

2021-11-1516:15:00

CWE-787

[email protected]

web.nvd.nist.gov

cve-2021-34991

netgear

r6400v2

vulnerability

remote code execution

upnp

security

exploit

8.8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

37.0%

JSON

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110.

CPENameOperatorVersion
netgear:ex3700_firmwarenetgear ex3700 firmwarelt1.0.0.94
netgear:ex3800_firmwarenetgear ex3800 firmwarelt1.0.0.94
netgear:ex6120_firmwarenetgear ex6120 firmwarelt1.0.0.66
netgear:ex6130_firmwarenetgear ex6130 firmwarelt1.0.0.66
netgear:r6400_firmwarenetgear r6400 firmwarelt1.0.1.76
netgear:r6400v2_firmwarenetgear r6400v2 firmwarelt1.0.4.120
netgear:r6700v3_firmwarenetgear r6700v3 firmwarelt1.0.4.120
netgear:r6900p_firmwarenetgear r6900p firmwarelt1.3.3.142
netgear:r7000_firmwarenetgear r7000 firmwarelt1.0.11.128
netgear:r7000p_firmwarenetgear r7000p firmwarelt1.3.3.142

CPE	Name	Operator	Version
netgear:ex3700_firmware	netgear ex3700 firmware	lt	1.0.0.94
netgear:ex3800_firmware	netgear ex3800 firmware	lt	1.0.0.94
netgear:ex6120_firmware	netgear ex6120 firmware	lt	1.0.0.66
netgear:ex6130_firmware	netgear ex6130 firmware	lt	1.0.0.66
netgear:r6400_firmware	netgear r6400 firmware	lt	1.0.1.76
netgear:r6400v2_firmware	netgear r6400v2 firmware	lt	1.0.4.120
netgear:r6700v3_firmware	netgear r6700v3 firmware	lt	1.0.4.120
netgear:r6900p_firmware	netgear r6900p firmware	lt	1.3.3.142
netgear:r7000_firmware	netgear r7000 firmware	lt	1.0.11.128
netgear:r7000p_firmware	netgear r7000p firmware	lt	1.3.3.142

Rows per page:

1-10 of 441

References

kb.netgear.com/000064361/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0168

www.zerodayinitiative.com/advisories/ZDI-21-1303/

8.8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

37.0%

JSON

Related for CVE-2021-34991

cnvd1 malwarebytes1 prion1 zdi1 thn1