Details of VAR-202103-0938

ID

VAR-202103-0938

CVE

CVE-2021-27239

TITLE

NETGEAR R6400 and R6700 Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2021-005006

DESCRIPTION

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on UDP port 1900 by default. A crafted MX header field in an SSDP message can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11851. NETGEAR R6400 and R6700 A stack-based buffer overflow vulnerability exists in the firmware. Zero Day Initiative To this vulnerability ZDI-CAN-11851 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 2.34

sources: NVD: CVE-2021-27239 // JVNDB: JVNDB-2021-005006 // ZDI: ZDI-21-206 // VULMON: CVE-2021-27239

AFFECTED PRODUCTS

vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.1.68	Trust: 1.0
vendor:	netgear	model:	wndr3400	scope:	lt	version:	1.0.1.38	Trust: 1.0
vendor:	netgear	model:	rbr750	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	rs400	scope:	lte	version:	1.5.0.68	Trust: 1.0
vendor:	netgear	model:	r6250	scope:	lt	version:	1.0.4.48	Trust: 1.0
vendor:	netgear	model:	r8000	scope:	lt	version:	1.0.4.68	Trust: 1.0
vendor:	netgear	model:	rbr850	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	r7850	scope:	lt	version:	1.0.5.68	Trust: 1.0
vendor:	netgear	model:	rax80	scope:	lt	version:	1.0.3.102	Trust: 1.0
vendor:	netgear	model:	r7100lg	scope:	lt	version:	1.0.0.64	Trust: 1.0
vendor:	netgear	model:	r7960p	scope:	lt	version:	1.4.1.68	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.4.102	Trust: 1.0
vendor:	netgear	model:	d7000	scope:	lt	version:	1.0.0.66	Trust: 1.0
vendor:	netgear	model:	d8500	scope:	lt	version:	1.0.3.60	Trust: 1.0
vendor:	netgear	model:	d6400	scope:	lt	version:	1.0.0.102	Trust: 1.0
vendor:	netgear	model:	dc112a	scope:	lt	version:	1.0.0.54	Trust: 1.0
vendor:	netgear	model:	r8000p	scope:	lt	version:	1.4.1.68	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.0.4.102	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.3.2.132	Trust: 1.0
vendor:	netgear	model:	r8300	scope:	lt	version:	1.0.2.144	Trust: 1.0
vendor:	netgear	model:	rbs40v	scope:	lt	version:	2.6.2.4	Trust: 1.0
vendor:	netgear	model:	wnr3500l	scope:	lt	version:	1.2.0.66	Trust: 1.0
vendor:	netgear	model:	xr300	scope:	lt	version:	1.0.3.56	Trust: 1.0
vendor:	netgear	model:	r6300	scope:	lt	version:	1.0.4.50	Trust: 1.0
vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.11.116	Trust: 1.0
vendor:	netgear	model:	rbs850	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	ex7000	scope:	lt	version:	1.0.1.94	Trust: 1.0
vendor:	netgear	model:	r7900p	scope:	lt	version:	1.4.1.68	Trust: 1.0
vendor:	netgear	model:	rax75	scope:	lt	version:	1.0.3.102	Trust: 1.0
vendor:	netgear	model:	rbs750	scope:	lt	version:	3.2.17.12	Trust: 1.0
vendor:	netgear	model:	r8500	scope:	lt	version:	1.0.2.144	Trust: 1.0
vendor:	netgear	model:	ex7500	scope:	lt	version:	1.0.0.72	Trust: 1.0
vendor:	netgear	model:	rax200	scope:	lt	version:	1.0.2.88	Trust: 1.0
vendor:	netgear	model:	d6220	scope:	lt	version:	1.0.0.68	Trust: 1.0
vendor:	netgear	model:	r6900p	scope:	lt	version:	1.3.2.132	Trust: 1.0
vendor:	netgear	model:	r7900	scope:	lt	version:	1.0.4.38	Trust: 1.0
vendor:	ネットギア	model:	ex7000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d6200	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d6400	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6700	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6400	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d8500	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6250	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex7500	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	dc112a	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d7000	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	multiple routers	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-21-206 // JVNDB: JVNDB-2021-005006 // NVD: CVE-2021-27239

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-27239
value:	HIGH
Trust: 1.0
zdi-disclosures@trendmicro.com:	CVE-2021-27239
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-27239
value:	HIGH
Trust: 0.8
ZDI:	CVE-2021-27239
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-202103-1618
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-27239
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-27239
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

zdi-disclosures@trendmicro.com:	CVE-2021-27239
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2021-27239
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ZDI:	CVE-2021-27239
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-21-206 // VULMON: CVE-2021-27239 // JVNDB: JVNDB-2021-005006 // CNNVD: CNNVD-202103-1618 // NVD: CVE-2021-27239 // NVD: CVE-2021-27239

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-005006 // NVD: CVE-2021-27239

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1618

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202103-1618

PATCH

title:	Security Advisory for Stack-based Buffer Overflow Remote Code Execution Vulnerability on Some Routers, PSV-2020-0432	url:	https://kb.netgear.com/000062820/Security-Advisory-for-Stack-based-Buffer-Overflow-Remote-Code-Execution-Vulnerability-on-Some-Routers-PSV-2020-0432	Trust: 1.5
title:	Netgear NETGEAR R6400 and NETGEAR R6700 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146570	Trust: 0.6
title:	-	url:	https://github.com/WizardsOfTheInternet/CVE-2021-27239	Trust: 0.1

sources: ZDI: ZDI-21-206 // VULMON: CVE-2021-27239 // JVNDB: JVNDB-2021-005006 // CNNVD: CNNVD-202103-1618

EXTERNAL IDS

db:	NVD	id:	CVE-2021-27239	Trust: 3.2
db:	ZDI	id:	ZDI-21-206	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-005006	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-11851	Trust: 0.7
db:	CNNVD	id:	CNNVD-202103-1618	Trust: 0.6
db:	VULMON	id:	CVE-2021-27239	Trust: 0.1

sources: ZDI: ZDI-21-206 // VULMON: CVE-2021-27239 // JVNDB: JVNDB-2021-005006 // CNNVD: CNNVD-202103-1618 // NVD: CVE-2021-27239

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-21-206/	Trust: 2.6
url:	https://kb.netgear.com/000062820/security-advisory-for-stack-based-buffer-overflow-remote-code-execution-vulnerability-on-some-routers-psv-2020-0432	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27239	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/121.html	Trust: 0.1
url:	https://github.com/wizardsoftheinternet/cve-2021-27239	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: ZDI: ZDI-21-206 // VULMON: CVE-2021-27239 // JVNDB: JVNDB-2021-005006 // CNNVD: CNNVD-202103-1618 // NVD: CVE-2021-27239

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-21-206

SOURCES

db:	ZDI	id:	ZDI-21-206
db:	VULMON	id:	CVE-2021-27239
db:	JVNDB	id:	JVNDB-2021-005006
db:	CNNVD	id:	CNNVD-202103-1618
db:	NVD	id:	CVE-2021-27239

LAST UPDATE DATE

2024-11-23T22:37:03.359000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-21-206	date:	2021-02-24T00:00:00
db:	VULMON	id:	CVE-2021-27239	date:	2021-04-02T00:00:00
db:	JVNDB	id:	JVNDB-2021-005006	date:	2021-12-06T05:23:00
db:	CNNVD	id:	CNNVD-202103-1618	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2021-27239	date:	2024-11-21T05:57:39.813

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-21-206	date:	2021-02-24T00:00:00
db:	VULMON	id:	CVE-2021-27239	date:	2021-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2021-005006	date:	2021-12-06T00:00:00
db:	CNNVD	id:	CNNVD-202103-1618	date:	2021-03-29T00:00:00
db:	NVD	id:	CVE-2021-27239	date:	2021-03-29T21:15:12.377