CVE-2021-27239

8.8HIGH

Key Information:

Vendor: Netgear
Status: Multiple Routers
Vendor: CVE Published:; 29 March 2021

Summary

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on UDP port 1900 by default. A crafted MX header field in an SSDP message can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11851.

Affected Version(s)

Multiple Routers firmware version 1.0.4.98

References

https://www.zerodayinitiative.com/advisories/ZDI-21-206/

x_refsource_MISC

https://kb.netgear.com/000062820/Security-Advisory-for-St...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 29, 2021
Vulnerability Reserved
Feb 16, 2021

Credit

Anonymous