Lucene search

[email protected]NVD:CVE-2021-34865

HistoryJan 25, 2022 - 4:15 p.m.

CVE-2021-34865

2022-01-2516:15:08

CWE-287

CWE-697

[email protected]

web.nvd.nist.gov

cve-2021-34865

network adjacent attackers

mini_httpd service

tcp port 80

string matching logic

privilege escalation

arbitrary code execution

zdi-can-13313

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

71.7%

JSON

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313.

Affected configurations

Nvd

Node

netgearac2100Match-

AND

netgearac2100_firmwareRange<1.2.0.88

Node

netgearac2400Match-

AND

netgearac2400_firmwareRange<1.2.0.88

Node

netgearac2600Match-

AND

netgearac2600_firmwareRange<1.2.0.88

Node

netgeard7000v1Match-

AND

netgeard7000v1_firmwareRange<1.0.1.80

Node

netgearr6220Match-

AND

netgearr6220_firmwareRange<1.1.0.110

Node

netgearr6230Match-

AND

netgearr6230_firmwareRange<1.1.0.110

Node

netgearr6260_firmwareRange<1.1.0.84

AND

netgearr6260Match-

Node

netgearr6330_firmwareRange<1.1.0.84

AND

netgearr6330Match-

Node

netgearr6350_firmwareRange<1.1.0.84

AND

netgearr6350Match-

Node

netgearr6700v2_firmwareRange<1.2.0.88

AND

netgearr6700v2Match-

Node

netgearr6800_firmwareRange<1.2.0.88

AND

netgearr6800Match-

Node

netgearr6850_firmwareRange<1.1.0.84

AND

netgearr6850Match-

Node

netgearr6900v2_firmwareRange<1.2.0.88

AND

netgearr6900v2Match-

Node

netgearr7200_firmwareRange<1.2.0.88

AND

netgearr7200Match-

Node

netgearr7350_firmwareRange<1.2.0.88

AND

netgearr7350Match-

Node

netgearr7400_firmwareRange<1.2.0.88

AND

netgearr7400Match-

Node

netgearr7450_firmwareRange<1.2.0.88

AND

netgearr7450Match-

VendorProductVersionCPE
netgearac2100-cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*
netgearac2100_firmware*cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*
netgearac2400-cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*
netgearac2400_firmware*cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*
netgearac2600-cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*
netgearac2600_firmware*cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*
netgeard7000v1-cpe:2.3:h:netgear:d7000v1:-:*:*:*:*:*:*:*
netgeard7000v1_firmware*cpe:2.3:o:netgear:d7000v1_firmware:*:*:*:*:*:*:*:*
netgearr6220-cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*
netgearr6220_firmware*cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	ac2100	-	cpe:2.3:h:netgear:ac2100:-:::::::*
netgear	ac2100_firmware	*	cpe:2.3:o:netgear:ac2100_firmware::::::::
netgear	ac2400	-	cpe:2.3:h:netgear:ac2400:-:::::::*
netgear	ac2400_firmware	*	cpe:2.3:o:netgear:ac2400_firmware::::::::
netgear	ac2600	-	cpe:2.3:h:netgear:ac2600:-:::::::*
netgear	ac2600_firmware	*	cpe:2.3:o:netgear:ac2600_firmware::::::::
netgear	d7000v1	-	cpe:2.3:h:netgear:d7000v1:-:::::::*
netgear	d7000v1_firmware	*	cpe:2.3:o:netgear:d7000v1_firmware::::::::
netgear	r6220	-	cpe:2.3:h:netgear:r6220:-:::::::*
netgear	r6220_firmware	*	cpe:2.3:o:netgear:r6220_firmware::::::::

Rows per page:

1-10 of 341

References

kb.netgear.com/000063955/Security-Advisory-for-Authentication-Bypass-Vulnerability-on-Some-Routers-PSV-2021-0083?article=000063955

www.zerodayinitiative.com/advisories/ZDI-21-1051/

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

71.7%

JSON

Related for NVD:CVE-2021-34865

prion1 cvelist1 zdi1 cve1