CVE-2021-34947

07.05.2024, 23:15

NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root.
. Was ZDI-CAN-13055.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	ADJACENT_NETWORK	LOW	NONE	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
zdi	CNA	8.8 HIGH				CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 51%

Vendor	Product	Version
netgear	d7800_firmware	𝑥 < 1.0.1.64
netgear	ex2700_firmware	𝑥 < 1.0.1.66
netgear	ex6100_firmware	𝑥 < 1.0.1.106
netgear	ex6150_firmware	𝑥 < 1.0.1.106
netgear	ex6200_firmware	𝑥 < 1.0.1.86
netgear	ex6250_firmware	𝑥 < 1.0.0.146
netgear	ex6400_firmware	𝑥 < 1.0.2.164
netgear	ex6400v2_firmware	𝑥 < 1.0.0.146
netgear	ex6410_firmware	𝑥 < 1.0.0.146
netgear	ex6420_firmware	𝑥 < 1.0.0.146
netgear	ex6500v1_firmware	𝑥 < 1.0.0.146
netgear	ex7300_firmware	𝑥 < 1.0.2.164
netgear	ex7300v2_firmware	𝑥 < 1.0.0.146
netgear	ex7320_firmware	𝑥 < 1.0.0.146
netgear	ex7700_firmware	𝑥 < 1.0.0.222
netgear	ex8000_firmware	𝑥 < 1.0.1.238
netgear	lbr1020_firmware	𝑥 < 2.6.5.32
netgear	lbr20_firmware	𝑥 < 2.6.5.32
netgear	r6700ax_firmware	𝑥 < 1.0.5.108
netgear	r7800_firmware	𝑥 < 1.0.2.84
netgear	r8900_firmware	𝑥 < 1.0.5.36
netgear	r9000_firmware	𝑥 < 1.0.5.36
netgear	rax10_firmware	𝑥 < 1.0.5.108
netgear	rax120_firmware	𝑥 < 1.2.2.24
netgear	rax120v2_firmware	𝑥 < 1.2.2.24
netgear	rax70_firmware	𝑥 < 1.0.5.108
netgear	rax78_firmware	𝑥 < 1.0.5.108
netgear	rbr10_firmware	𝑥 < 2.7.4.24
netgear	rbr20_firmware	𝑥 < 2.7.4.24
netgear	rbr40_firmware	𝑥 < 2.7.4.24
netgear	rbr50_firmware	𝑥 < 2.7.4.24
netgear	rbs10_firmware	𝑥 < 2.7.4.24
netgear	rbs20_firmware	𝑥 < 2.7.4.24
netgear	rbs40_firmware	𝑥 < 2.7.4.24
netgear	rbs50_firmware	𝑥 < 2.7.4.24
netgear	rbs50y_firmware	𝑥 < 2.7.4.12
netgear	wn3000rpv2_firmware	𝑥 < 1.0.0.88
netgear	wnr2000v5_firmware	𝑥 < 1.0.0.78
netgear	xr450_firmware	𝑥 < 2.3.2.130
netgear	xr500_firmware	𝑥 < 2.3.2.130
netgear	xr700_firmware	𝑥 < 1.0.1.44

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129

https://www.zerodayinitiative.com/advisories/ZDI-21-1116/

https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129

https://www.zerodayinitiative.com/advisories/ZDI-21-1116/