Lucene search

[email protected]NVD:CVE-2021-27239

HistoryMar 29, 2021 - 9:15 p.m.

CVE-2021-27239

2021-03-2921:15:12

CWE-121

[email protected]

web.nvd.nist.gov

netgear

r6400

r6700

firmware

vulnerability

upnpd

udp

overflow

root access

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

50.4%

JSON

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on UDP port 1900 by default. A crafted MX header field in an SSDP message can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11851.

Affected configurations

Nvd

Node

netgeard6220_firmwareRange<1.0.0.68

AND

netgeard6220Match-

Node

netgeard6400_firmwareRange<1.0.0.102

AND

netgeard6400Match-

Node

netgeard7000_firmwareRange<1.0.0.66

AND

netgeard7000Matchv2

Node

netgeard8500_firmwareRange<1.0.3.60

AND

netgeard8500Match-

Node

netgeardc112a_firmwareRange<1.0.0.54

AND

netgeardc112aMatch-

Node

netgearex7000_firmwareRange<1.0.1.94

AND

netgearex7000Match-

Node

netgearex7500_firmwareRange<1.0.0.72

AND

netgearex7500Match-

Node

netgearr6250_firmwareRange<1.0.4.48

AND

netgearr6250Match-

Node

netgearr6300_firmwareRange<1.0.4.50

AND

netgearr6300Matchv2

Node

netgearr6400_firmwareRange<1.0.1.68

AND

netgearr6400Match-

Node

netgearr6400_firmwareRange<1.0.4.102

AND

netgearr6400Matchv2

Node

netgearr6700_firmwareRange<1.0.4.102

AND

netgearr6700Matchv3

Node

netgearr6900p_firmwareRange<1.3.2.132

AND

netgearr6900pMatch-

Node

netgearr7000_firmwareRange<1.0.11.116

AND

netgearr7000Match-

Node

netgearr7000p_firmwareRange<1.3.2.132

AND

netgearr7000pMatch-

Node

netgearr7100lg_firmwareRange<1.0.0.64

AND

netgearr7100lgMatch-

Node

netgearr7850_firmwareRange<1.0.5.68

AND

netgearr7850Match-

Node

netgearr7900_firmwareRange<1.0.4.38

AND

netgearr7900Match-

Node

netgearr7900p_firmwareRange<1.4.1.68

AND

netgearr7900pMatch-

Node

netgearr7960p_firmwareRange<1.4.1.68

AND

netgearr7960pMatch-

Node

netgearr8000_firmwareRange<1.0.4.68

AND

netgearr8000Match-

Node

netgearr8000p_firmwareRange<1.4.1.68

AND

netgearr8000pMatch-

Node

netgearr8300_firmwareRange<1.0.2.144

AND

netgearr8300Match-

Node

netgearr8500_firmwareRange<1.0.2.144

AND

netgearr8500Match-

Node

netgearrax200_firmwareRange<1.0.2.88

AND

netgearrax200Match-

Node

netgearrax75_firmwareRange<1.0.3.102

AND

netgearrax75Match-

Node

netgearrax80_firmwareRange<1.0.3.102

AND

netgearrax80Match-

Node

netgearrbr750_firmwareRange<3.2.17.12

AND

netgearrbr750Match-

Node

netgearrbr850_firmwareRange<3.2.17.12

AND

netgearrbr850Match-

Node

netgearrbs40v_firmwareRange<2.6.2.4

AND

netgearrbs40vMatch-

Node

netgearrbs750_firmwareRange<3.2.17.12

AND

netgearrbs750Match-

Node

netgearrbs850_firmwareRange<3.2.17.12

AND

netgearrbs850Match-

Node

netgearrs400_firmwareRange≤1.5.0.68

AND

netgearrs400Match-

Node

netgearwndr3400_firmwareRange<1.0.1.38

AND

netgearwndr3400Matchv3

Node

netgearwnr3500l_firmwareRange<1.2.0.66

AND

netgearwnr3500lMatchv2

Node

netgearxr300_firmwareRange<1.0.3.56

AND

netgearxr300Match-

VendorProductVersionCPE
netgeard6220_firmware*cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*
netgeard6220-cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*
netgeard6400_firmware*cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*
netgeard6400-cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*
netgeard7000_firmware*cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*
netgeard7000v2cpe:2.3:h:netgear:d7000:v2:*:*:*:*:*:*:*
netgeard8500_firmware*cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*
netgeard8500-cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*
netgeardc112a_firmware*cpe:2.3:o:netgear:dc112a_firmware:*:*:*:*:*:*:*:*
netgeardc112a-cpe:2.3:h:netgear:dc112a:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	d6220_firmware	*	cpe:2.3:o:netgear:d6220_firmware::::::::
netgear	d6220	-	cpe:2.3:h:netgear:d6220:-:::::::*
netgear	d6400_firmware	*	cpe:2.3:o:netgear:d6400_firmware::::::::
netgear	d6400	-	cpe:2.3:h:netgear:d6400:-:::::::*
netgear	d7000_firmware	*	cpe:2.3:o:netgear:d7000_firmware::::::::
netgear	d7000	v2	cpe:2.3:h:netgear:d7000:v2:::::::*
netgear	d8500_firmware	*	cpe:2.3:o:netgear:d8500_firmware::::::::
netgear	d8500	-	cpe:2.3:h:netgear:d8500:-:::::::*
netgear	dc112a_firmware	*	cpe:2.3:o:netgear:dc112a_firmware::::::::
netgear	dc112a	-	cpe:2.3:h:netgear:dc112a:-:::::::*

Rows per page:

1-10 of 711

References

kb.netgear.com/000062820/Security-Advisory-for-Stack-based-Buffer-Overflow-Remote-Code-Execution-Vulnerability-on-Some-Routers-PSV-2020-0432

www.zerodayinitiative.com/advisories/ZDI-21-206/

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

50.4%

JSON

Related for NVD:CVE-2021-27239

prion1 cvelist1 zdi1 cve1