Details of VAR-202103-0946

ID

VAR-202103-0946

CVE

CVE-2021-27255

TITLE

NETGEAR R7800 Vulnerability regarding lack of authentication for important functions in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2021-004433

DESCRIPTION

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360. Zero Day Initiative To this vulnerability ZDI-CAN-12360 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 2.25

sources: NVD: CVE-2021-27255 // JVNDB: JVNDB-2021-004433 // ZDI: ZDI-21-263

AFFECTED PRODUCTS

vendor:	netgear	model:	rbk53	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	r9000	scope:	lt	version:	1.0.5.28	Trust: 1.0
vendor:	netgear	model:	ex6250	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	r7800	scope:	lt	version:	1.0.2.80	Trust: 1.0
vendor:	netgear	model:	rbr20	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	r8900	scope:	lt	version:	1.0.5.28	Trust: 1.0
vendor:	netgear	model:	rbk20	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	rbk40	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	ex6400	scope:	lt	version:	1.0.2.158	Trust: 1.0
vendor:	netgear	model:	rbs50	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	rbs10	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	rbk12	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	rbs40	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	d7800	scope:	lt	version:	1.0.1.60	Trust: 1.0
vendor:	netgear	model:	ex6420	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	ex7300	scope:	lt	version:	1.0.2.158	Trust: 1.0
vendor:	netgear	model:	ex6400v2	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	ex7320	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	rbr50	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	rbk13	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	rbk23	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	br200	scope:	lt	version:	5.10.0.5	Trust: 1.0
vendor:	netgear	model:	rbk44	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	xr500	scope:	lt	version:	2.3.2.114	Trust: 1.0
vendor:	netgear	model:	lbr20	scope:	lt	version:	2.6.3.50	Trust: 1.0
vendor:	netgear	model:	ex6150v2	scope:	lt	version:	1.0.1.98	Trust: 1.0
vendor:	netgear	model:	rbs20	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	ex6410	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	rbs50y	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	rbk50	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	xr450	scope:	lt	version:	2.3.2.114	Trust: 1.0
vendor:	netgear	model:	br500	scope:	lt	version:	5.10.0.5	Trust: 1.0
vendor:	netgear	model:	rbk14	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	ex7300v2	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	xr700	scope:	lt	version:	1.0.1.38	Trust: 1.0
vendor:	netgear	model:	rbr40	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	ex6100v2	scope:	lt	version:	1.0.1.98	Trust: 1.0
vendor:	netgear	model:	rbk43	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	ex7700	scope:	lt	version:	1.0.0.216	Trust: 1.0
vendor:	netgear	model:	rbr10	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	rbk43s	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	ex8000	scope:	lt	version:	1.0.1.232	Trust: 1.0
vendor:	netgear	model:	rbk15	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	ネットギア	model:	ex6150v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6400v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6100v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d7800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	br200	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6250	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6420	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6410	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6400	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	br500	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	r7800	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-21-263 // JVNDB: JVNDB-2021-004433 // NVD: CVE-2021-27255

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-27255
value:	HIGH
Trust: 1.0
zdi-disclosures@trendmicro.com:	CVE-2021-27255
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-27255
value:	HIGH
Trust: 0.8
ZDI:	CVE-2021-27255
value:	MEDIUM
Trust: 0.7
CNNVD:	CNNVD-202102-1751
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-27255
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2021-27255
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
zdi-disclosures@trendmicro.com:	CVE-2021-27255
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.4
version:	3.0
Trust: 1.0
NVD:	CVE-2021-27255
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2021-27255
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.4
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-21-263 // JVNDB: JVNDB-2021-004433 // CNNVD: CNNVD-202102-1751 // NVD: CVE-2021-27255 // NVD: CVE-2021-27255

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.0
problemtype:	Lack of authentication for important features (CWE-306) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-004433 // NVD: CVE-2021-27255

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202102-1751

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202102-1751

PATCH

title:	Security Advisory for Multiple Vulnerabilities on Some Routers, Satellites, and Extenders	url:	https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders	Trust: 1.5
title:	NETGEAR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142982	Trust: 0.6

sources: ZDI: ZDI-21-263 // JVNDB: JVNDB-2021-004433 // CNNVD: CNNVD-202102-1751

EXTERNAL IDS

db:	NVD	id:	CVE-2021-27255	Trust: 3.1
db:	ZDI	id:	ZDI-21-263	Trust: 3.1
db:	JVNDB	id:	JVNDB-2021-004433	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-12360	Trust: 0.7
db:	CNNVD	id:	CNNVD-202102-1751	Trust: 0.6

sources: ZDI: ZDI-21-263 // JVNDB: JVNDB-2021-004433 // CNNVD: CNNVD-202102-1751 // NVD: CVE-2021-27255

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-21-263/	Trust: 3.0
url:	https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27255	Trust: 1.4

sources: ZDI: ZDI-21-263 // JVNDB: JVNDB-2021-004433 // CNNVD: CNNVD-202102-1751 // NVD: CVE-2021-27255

CREDITS

STARLabs

Trust: 0.7

sources: ZDI: ZDI-21-263

SOURCES

db:	ZDI	id:	ZDI-21-263
db:	JVNDB	id:	JVNDB-2021-004433
db:	CNNVD	id:	CNNVD-202102-1751
db:	NVD	id:	CVE-2021-27255

LAST UPDATE DATE

2024-11-23T22:33:06.689000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-21-263	date:	2021-02-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-004433	date:	2021-11-22T05:55:00
db:	CNNVD	id:	CNNVD-202102-1751	date:	2021-03-19T00:00:00
db:	NVD	id:	CVE-2021-27255	date:	2024-11-21T05:57:41.983

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-21-263	date:	2021-02-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-004433	date:	2021-11-22T00:00:00
db:	CNNVD	id:	CNNVD-202102-1751	date:	2021-02-26T00:00:00
db:	NVD	id:	CVE-2021-27255	date:	2021-03-05T20:15:12.457