ГлавнаяУязвимости → CVE-2021-34947
8.8высокая

CVE-2021-34947

Описание

NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13055.

Затрагиваемое ПО
Netgear D7800 firmwareNetgear D7800Netgear Ex2700 firmwareNetgear Ex2700Netgear Ex6100 firmwareNetgear Ex6100Netgear Ex6150 firmwareNetgear Ex6150Netgear Ex6200 firmwareNetgear Ex6200Netgear Ex6250 firmwareNetgear Ex6250Netgear Ex6400 firmwareNetgear Ex6400Netgear Ex6400v2 firmwareNetgear Ex6400v2Netgear Ex6410 firmwareNetgear Ex6410Netgear Ex6420 firmwareNetgear Ex6420Netgear Ex6500v1 firmwareNetgear Ex6500v1Netgear Ex7300 firmwareNetgear Ex7300Netgear Ex7300v2 firmware
CVSS
Балл8.8 — высокая
ВекторCVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129https://www.zerodayinitiative.com/advisories/ZDI-21-1116/https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129https://www.zerodayinitiative.com/advisories/ZDI-21-1116/