Remote Code Execution Vulnerability in NETGEAR Routers via Circle Parental Control Service
CVE-2021-40847
What is CVE-2021-40847?
The Circle Parental Control Service on various NETGEAR routers has a vulnerability in its update process that allows remote attackers to execute arbitrary code. The flaw is a bypass of the update's security measures: the update mechanism relies on cleartext HTTP for version checks and database updates. An attacker able to perform a Man-in-the-Middle (MitM) attack can intercept these requests and supply malicious payloads disguised as legitimate updates. Exploitation can overwrite critical executable files with unauthorized code, significantly compromising device integrity. Although the parental control feature is not enabled by default, the update daemon is on, which leaves these routers susceptible to exploitation.

References
EPSS Score
6% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved