Buffer Overflow Vulnerability in NETGEAR Routers
CVE-2021-27239
8.8 HIGH
Key Information:
- Vendor: Netgear
- Status
- Vendor
- CVE Published: 29 March 2021
What is CVE-2021-27239?
A stack-based buffer overflow vulnerability exists in the upnpd service of NETGEAR R6400 and R6700 routers running firmware version 1.0.4.98. This issue allows network-adjacent attackers to execute arbitrary code without prior authentication by sending specially crafted SSDP messages that exploit the flaw in the handling of the MX header field. If successful, an attacker could gain root-level access, potentially compromising the router's security and connected devices.
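A defensive check for the MX header handling described above, as an added example that is not part of the original advisory or of NETGEAR's code: it parses SSDP datagrams and flags M-SEARCH requests whose MX value is not a short decimal integer. The function names, the `MAX_MX_DIGITS` limit and the sample datagrams are assumptions constructed for illustration.

```python
"""Flag SSDP M-SEARCH datagrams whose MX header is not a short decimal integer."""

MAX_MX_DIGITS = 3  # assumption: policy limit for this example, not a value from the advisory


def parse_ssdp(datagram: bytes):
    """Split an SSDP datagram into its start line and a list of (name, value) headers."""
    text = datagram.decode("latin-1")  # latin-1 never fails, so odd bytes stay inspectable
    head = text.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip lines that are not "name: value"
            headers.append((name.strip().upper(), value.strip()))
    return lines[0].strip(), headers


def check_msearch(datagram: bytes):
    """Return a list of findings for one datagram; an empty list means nothing to report."""
    start_line, headers = parse_ssdp(datagram)
    if not start_line.upper().startswith("M-SEARCH "):
        return []  # MX is only expected on M-SEARCH requests
    mx_values = [v for n, v in headers if n == "MX"]
    findings = []
    if len(mx_values) > 1:
        findings.append("multiple MX headers")
    for value in mx_values:
        if not (value.isascii() and value.isdigit()):
            findings.append(f"MX is not a decimal integer ({len(value)} bytes)")
        elif len(value) > MAX_MX_DIGITS:
            findings.append(f"MX has {len(value)} digits")
    return findings


# Constructed sample datagrams (not captured traffic).
NORMAL = (b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
          b'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n')
OVERSIZED = NORMAL.replace(b"MX: 2", b"MX: " + b"7" * 64)
NON_NUMERIC = NORMAL.replace(b"MX: 2", b"MX: " + b"A" * 40)

if __name__ == "__main__":
    for label, dgram in [("normal", NORMAL), ("oversized", OVERSIZED),
                         ("non-numeric", NON_NUMERIC)]:
        print(label, check_msearch(dgram))
```

The same check can be applied to UDP port 1900 payloads extracted from a packet capture on the LAN segment where an affected router sits.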
Affected Version(s)
Multiple Routers firmware version 1.0.4.98