Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-31802
HistoryApr 26, 2021 - 1:15 p.m.

CVE-2021-31802

2021-04-2613:15:07
CWE-787
[email protected]
web.nvd.nist.gov
7
cve-2021-31802
netgear r7000
buffer overflow
http request
code execution
root access
backup.cgi file upload

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.017

Percentile

88.0%

JSON

NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a \n before the Content-Length header.

Affected configurations

Nvd
Node
netgearr7000_firmwareRange≀1.0.11.116
AND
netgearr7000Match-
VendorProductVersionCPE
netgearr7000_firmware*cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*
netgearr7000-cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*

Related

prion 1
cvelist 1
cnvd 1
metasploit 1
seebug 1
packetstorm 1
cve 1
rapid7blog 1
prion
prion
Heap overflow
2021-04-26 13:15:00
cvelist
cvelist
CVE-2021-31802
2021-04-26 12:02:32
cnvd
cnvd
NETGEAR R7000 Code Execution Vulnerability
2021-04-27 00:00:00
metasploit
metasploit
Netgear R7000 backup.cgi Heap Overflow RCE
2021-07-27 18:00:17
seebug
seebug
NETGEAR R7000 ηΌ“ε†²εŒΊζΊ’ε‡ΊζΌζ΄žοΌˆCVE-2021-31802οΌ‰
2021-04-28 00:00:00
packetstorm
packetstorm
Netgear R7000 Backup.cgi Heap Overflow Remote Code Execution
2024-08-31 00:00:00
cve
cve
CVE-2021-31802
2021-04-26 13:15:07
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-07-30 18:04:33

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.017

Percentile

88.0%

JSON
Related for NVD:CVE-2021-31802
prion1cvelist1cnvd1metasploit1seebug1packetstorm1cve1rapid7blog1