Lucene search
Xinan Zhou (the University of California, Riverside and Fudan University)ZDI-21-1239HistoryOct 28, 2021 - 12:00 a.m.
NETGEAR R7000 SOAP ParentalControl Authentication Bypass Vulnerability
2021-10-2800:00:00
Xinan Zhou (the University of California, Riverside and Fudan University)
www.zerodayinitiative.com
31
netgear r7000
soap
parentalcontrol
authentication bypass
vulnerability
network-adjacent
attackers
password reset
EPSS
0.001
Percentile
33.4%
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7000 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP requests. The issue results from the lack of proper authentication verification before performing a password reset. An attacker can leverage this vulnerability to reset the admin password.
Related
cvelist
cvelist
CVE-2021-34977
2022-01-13 21:44:31
nvd
nvd
CVE-2021-34977
2022-01-13 22:15:12
cnvd
cnvd
NETGEAR R7000 Licensing Issue Vulnerability
2021-10-31 00:00:00
prion
prion
Authentication flaw
2022-01-13 22:15:00
cve
cve
CVE-2021-34977
2022-01-13 22:15:12