CVE-2021-34982

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.




. Was ZDI-CAN-13709.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
zdiCNA
8.8 HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
netgeardc112a_firmware
𝑥
< 1.0.0.62
netgearex3700_firmware
𝑥
< 1.0.0.94
netgearex3800_firmware
𝑥
< 1.0.0.94
netgearex6120_firmware
𝑥
< 1.0.0.66
netgearex6130_firmware
𝑥
< 1.0.0.46
netgearex7000_firmware
𝑥
< 1.0.1.106
netgearex7500_firmware
𝑥
< 1.0.1.76
netgearmr60_firmware
𝑥
< 1.1.6.122
netgearmr80_firmware
𝑥
< 1.1.6.10
netgearms60_firmware
𝑥
< 1.1.6.122
netgearms80_firmware
𝑥
< 1.1.6.10
netgearlax20_firmware
𝑥
< 1.1.6.30
netgearr6400_firmware
𝑥
< 1.0.1.76
netgearr6400v2_firmware
𝑥
< 1.0.4.120
netgearr6700v3_firmware
𝑥
< 1.0.4.120
netgearr6900p_firmware
𝑥
< 1.3.3.148
netgearr7000_firmware
𝑥
< 1.0.11.128
netgearr7000p_firmware
𝑥
< 1.3.3.148
netgearr7100lg_firmware
𝑥
< 1.0.0.72
netgearr7850_firmware
𝑥
< 1.0.5.76
netgearr7900p_firmware
𝑥
< 1.4.2.84
netgearr7960p_firmware
𝑥
< 1.4.2.84
netgearr8000_firmware
𝑥
< 1.0.4.76
netgearr8000p_firmware
𝑥
< 1.4.2.84
netgearr8300_firmware
𝑥
< 1.0.2.156
netgearr8500_firmware
𝑥
< 1.0.2.156
netgearrax15_firmware
𝑥
< 1.0.4.100
netgearrax20_firmware
𝑥
< 1.0.4.100
netgearrax200_firmware
𝑥
< 1.0.5.132
netgearrax35v2_firmware
𝑥
< 1.0.4.100
netgearrax38v2_firmware
𝑥
< 1.0.4.100
netgearrax40v2_firmware
𝑥
< 1.0.4.100
netgearrax42_firmware
𝑥
< 1.0.4.100
netgearrax43_firmware
𝑥
< 1.0.4.100
netgearrax45_firmware
𝑥
< 1.0.4.100
netgearrax48_firmware
𝑥
< 1.0.4.100
netgearrax50_firmware
𝑥
< 1.0.4.100
netgearrax50s_firmware
𝑥
< 1.0.4.100
netgearrax75_firmware
𝑥
< 1.0.5.132
netgearrax80_firmware
𝑥
< 1.0.5.132
netgearraxe450_firmware
𝑥
< 1.0.8.70
netgearraxe500_firmware
𝑥
< 1.0.8.70
netgearrs400_firmware
𝑥
< 1.5.1.80
netgearwndr3400v3_firmware
𝑥
< 1.0.1.42
netgearwnr3500lv2_firmware
𝑥
< 1.2.0.70
netgearxr1000_firmware
𝑥
< 1.0.0.64
netgearxr300_firmware
𝑥
< 1.0.3.68
netgeard6220_firmware
𝑥
< 1.0.0.76
netgeard6400_firmware
𝑥
< 1.0.0.108
netgeard7000v2_firmware
𝑥
< 1.0.0.76
netgeardgn2200v4_firmware
𝑥
< 1.0.0.126
netgearv6510-1fxaus_firmware
𝑥
< 1.0.0.80
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159
https://www.zerodayinitiative.com/advisories/ZDI-21-1274/
https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159
https://www.zerodayinitiative.com/advisories/ZDI-21-1274/