Remote Code Execution Vulnerability in NETGEAR Routers via Circle Parental Control Service
CVE-2021-40847
Summary
The Circle Parental Control Service on various NETGEAR routers has a vulnerability in its update process that allows remote attackers to execute arbitrary code. The update mechanism performs its version checks and database updates over cleartext HTTP, so the security measures around the update process can be circumvented. An attacker able to perform a Man-in-the-Middle (MitM) attack can intercept these requests and supply malicious payloads disguised as legitimate updates. This can lead to critical executable files being overwritten with unauthorized code, significantly compromising device integrity. Although the parental control feature is not enabled by default, the update daemon is on, which leaves these routers susceptible to exploitation.
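The following sketch shows the two checks whose absence the summary describes, from the defender's side. It is an added example, not NETGEAR or Circle code. It assumes the update is a tar archive and that a trusted SHA-256 digest is obtained over an authenticated channel; `apply_update`, `UpdateRejected` and `make_tar` are hypothetical names.

```python
import hashlib
import hmac
import io
import tarfile
from pathlib import Path


class UpdateRejected(Exception):
    """Raised when an update fails an integrity or path check."""


def apply_update(blob: bytes, trusted_sha256: str, dest: Path) -> list:
    """Verify blob against a trusted digest, then unpack it strictly under dest."""
    # 1. Integrity: bytes fetched over cleartext HTTP stay untrusted until they
    #    match a digest from an authenticated source (assumption of this example).
    actual = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(actual, trusted_sha256.lower()):
        raise UpdateRejected("digest mismatch")

    root = dest.resolve()
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
        members = tar.getmembers()
        # 2. Confinement: validate every member before writing anything.
        for m in members:
            if not (m.isfile() or m.isdir()):
                raise UpdateRejected(f"unsupported member type: {m.name}")
            target = (root / m.name).resolve()
            if target != root and root not in target.parents:
                raise UpdateRejected(f"path escapes update directory: {m.name}")
        written = []
        for m in members:
            if m.isdir():
                continue
            target = (root / m.name).resolve()
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(tar.extractfile(m).read())
            written.append(target.relative_to(root).as_posix())
    return written


def make_tar(files: dict) -> bytes:
    """Build a constructed sample archive in memory (name -> content)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```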