Sign-up

ID

VAR-202103-0894


CVE

CVE-2021-27274


TITLE

NETGEAR ProSAFE Network Management System  Unlimited Upload Vulnerability in File Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-004808

DESCRIPTION

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12124. Zero Day Initiative To this vulnerability ZDI-CAN-12124 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Netgear NETGEAR is a router made by Netgear. A hardware device that connects two or more networks, acting as a gateway between the networks

Trust: 2.43

sources: NVD: CVE-2021-27274 // JVNDB: JVNDB-2021-004808 // ZDI: ZDI-21-357 // VULHUB: VHN-386507 // VULMON: CVE-2021-27274

AFFECTED PRODUCTS

vendor:netgearmodel:prosafe network management systemscope:eqversion:1.6.0.26

Trust: 1.0

vendor:ネットギアmodel:prosafe network management systemscope:eqversion:1.6.0.26

Trust: 0.8

vendor:ネットギアmodel:prosafe network management systemscope:eqversion: -

Trust: 0.8

vendor:netgearmodel:prosafe network management systemscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-21-357 // JVNDB: JVNDB-2021-004808 // NVD: CVE-2021-27274

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-27274
value: CRITICAL

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2021-27274
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-27274
value: CRITICAL

Trust: 0.8

ZDI: CVE-2021-27274
value: CRITICAL

Trust: 0.7

CNNVD: CNNVD-202103-1562
value: CRITICAL

Trust: 0.6

VULHUB: VHN-386507
value: HIGH

Trust: 0.1

VULMON: CVE-2021-27274
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-27274
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-386507
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

zdi-disclosures@trendmicro.com: CVE-2021-27274
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2021-27274
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2021-27274
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-357 // VULHUB: VHN-386507 // VULMON: CVE-2021-27274 // JVNDB: JVNDB-2021-004808 // CNNVD: CNNVD-202103-1562 // NVD: CVE-2021-27274 // NVD: CVE-2021-27274

PROBLEMTYPE DATA

problemtype:CWE-434

Trust: 1.1

problemtype:Unlimited upload of dangerous types of files (CWE-434) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-386507 // JVNDB: JVNDB-2021-004808 // NVD: CVE-2021-27274

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1562

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202103-1562

PATCH

title:Security Advisory for Pre-Authentication Command Injection on NMS300, PSV-2020-0560url:https://kb.netgear.com/000062688/Security-Advisory-for-Pre-Authentication-Command-Injection-on-NMS300-PSV-2020-0560

Trust: 1.5

title:NETGEAR ProSAFE Network Management System Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145793

Trust: 0.6

sources: ZDI: ZDI-21-357 // JVNDB: JVNDB-2021-004808 // CNNVD: CNNVD-202103-1562

EXTERNAL IDS

db:NVDid:CVE-2021-27274

Trust: 3.3

db:ZDIid:ZDI-21-357

Trust: 3.3

db:JVNDBid:JVNDB-2021-004808

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-12124

Trust: 0.7

db:CNNVDid:CNNVD-202103-1562

Trust: 0.7

db:VULHUBid:VHN-386507

Trust: 0.1

db:VULMONid:CVE-2021-27274

Trust: 0.1

sources: ZDI: ZDI-21-357 // VULHUB: VHN-386507 // VULMON: CVE-2021-27274 // JVNDB: JVNDB-2021-004808 // CNNVD: CNNVD-202103-1562 // NVD: CVE-2021-27274

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-21-357/

Trust: 3.2

url:https://kb.netgear.com/000062688/security-advisory-for-pre-authentication-command-injection-on-nms300-psv-2020-0560

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-27274

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/434.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/198892

Trust: 0.1

sources: ZDI: ZDI-21-357 // VULHUB: VHN-386507 // VULMON: CVE-2021-27274 // JVNDB: JVNDB-2021-004808 // CNNVD: CNNVD-202103-1562 // NVD: CVE-2021-27274

CREDITS

rgod

Trust: 0.7

sources: ZDI: ZDI-21-357

SOURCES

db:ZDIid:ZDI-21-357
db:VULHUBid:VHN-386507
db:VULMONid:CVE-2021-27274
db:JVNDBid:JVNDB-2021-004808
db:CNNVDid:CNNVD-202103-1562
db:NVDid:CVE-2021-27274

LAST UPDATE DATE

2024-11-23T22:44:15.237000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-357date:2021-03-26T00:00:00
db:VULHUBid:VHN-386507date:2021-03-30T00:00:00
db:VULMONid:CVE-2021-27274date:2021-03-30T00:00:00
db:JVNDBid:JVNDB-2021-004808date:2021-11-30T08:35:00
db:CNNVDid:CNNVD-202103-1562date:2021-03-31T00:00:00
db:NVDid:CVE-2021-27274date:2024-11-21T05:57:44.470

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-357date:2021-03-26T00:00:00
db:VULHUBid:VHN-386507date:2021-03-29T00:00:00
db:VULMONid:CVE-2021-27274date:2021-03-29T00:00:00
db:JVNDBid:JVNDB-2021-004808date:2021-11-30T00:00:00
db:CNNVDid:CNNVD-202103-1562date:2021-03-26T00:00:00
db:NVDid:CVE-2021-27274date:2021-03-29T21:15:13.187