Buffer Overflow Vulnerability in Netgear R8000 Router
CVE-2021-34236

9.8CRITICAL

Key Information:

Vendor: Netgear
Status: R8000 Firmware
Vendor: CVE Published:; 8 September 2022

What is CVE-2021-34236?

A buffer overflow vulnerability exists in the Netgear R8000 Router, specifically in firmware version 1.0.4.56. This flaw allows remote attackers to exploit the router by sending a specially crafted POST request to the '/bd_genie_create_account.cgi' endpoint, using an excessively long 'register_country' parameter. Successful exploitation could lead to remote code execution or a denial-of-service condition, posing serious risks to network security.

References

https://github.com/Davidteeri/Bug-Report/blob/main/netgea...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 8, 2022
Vulnerability Reserved
Jun 7, 2021