Code Execution Vulnerability in NETGEAR Nighthawk Router
CVE-2021-27251

8.8HIGH

Key Information:

Vendor: Netgear
Status: R7800
Vendor: CVE Published:; 14 April 2021

Summary

This vulnerability allows attackers within the network to execute arbitrary code on NETGEAR Nighthawk R7800 devices. The flaw arises from insecure handling of firmware updates, which rely on a fallback to an insecure protocol for delivery. As a result, an attacker can exploit this weakness without needing authentication, allowing code execution with root privileges. This type of vulnerability poses significant risks, as it can lead to unauthorized access and control over affected devices.

Affected Version(s)

R7800 1.0.2.76

References

https://kb.netgear.com/000062883/Security-Advisory-for-Mu...

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-21-247/

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 14, 2021
Vulnerability Reserved
Feb 16, 2021

Credit

Team FLASHBACK: Pedro Ribeiro (@pedrib1337 | [email protected]) + Radek Domanski (@RabbitPro)