Details of VAR-202103-0947

ID

VAR-202103-0947

CVE

CVE-2021-27256

TITLE

NETGEAR R7800 In firmware OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-004431

DESCRIPTION

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355. NETGEAR R7800 For firmware, OS A command injection vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-12355 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 2.34

sources: NVD: CVE-2021-27256 // JVNDB: JVNDB-2021-004431 // ZDI: ZDI-21-262 // VULMON: CVE-2021-27256

AFFECTED PRODUCTS

vendor:	netgear	model:	rbk53	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	r9000	scope:	lt	version:	1.0.5.28	Trust: 1.0
vendor:	netgear	model:	ex6250	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	r7800	scope:	lt	version:	1.0.2.80	Trust: 1.0
vendor:	netgear	model:	rbr20	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	r8900	scope:	lt	version:	1.0.5.28	Trust: 1.0
vendor:	netgear	model:	rbk20	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	rbk40	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	ex6400	scope:	lt	version:	1.0.2.158	Trust: 1.0
vendor:	netgear	model:	rbs50	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	rbs10	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	rbk12	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	rbs40	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	d7800	scope:	lt	version:	1.0.1.60	Trust: 1.0
vendor:	netgear	model:	ex6420	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	ex7300	scope:	lt	version:	1.0.2.158	Trust: 1.0
vendor:	netgear	model:	ex6400v2	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	ex7320	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	rbr50	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	rbk13	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	rbk23	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	br200	scope:	lt	version:	5.10.0.5	Trust: 1.0
vendor:	netgear	model:	rbk44	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	xr500	scope:	lt	version:	2.3.2.114	Trust: 1.0
vendor:	netgear	model:	lbr20	scope:	lt	version:	2.6.3.50	Trust: 1.0
vendor:	netgear	model:	ex6150v2	scope:	lt	version:	1.0.1.98	Trust: 1.0
vendor:	netgear	model:	rbs20	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	ex6410	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	rbs50y	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	rbk50	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	xr450	scope:	lt	version:	2.3.2.114	Trust: 1.0
vendor:	netgear	model:	br500	scope:	lt	version:	5.10.0.5	Trust: 1.0
vendor:	netgear	model:	rbk14	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	ex7300v2	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	xr700	scope:	lt	version:	1.0.1.38	Trust: 1.0
vendor:	netgear	model:	rbr40	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	ex6100v2	scope:	lt	version:	1.0.1.98	Trust: 1.0
vendor:	netgear	model:	rbk43	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	ex7700	scope:	lt	version:	1.0.0.216	Trust: 1.0
vendor:	netgear	model:	rbr10	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	rbk43s	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	ex8000	scope:	lt	version:	1.0.1.232	Trust: 1.0
vendor:	netgear	model:	rbk15	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	ネットギア	model:	ex6150v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6400v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6100v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d7800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	br200	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6250	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6420	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6410	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6400	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	br500	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	r7800	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-21-262 // JVNDB: JVNDB-2021-004431 // NVD: CVE-2021-27256

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-27256
value:	HIGH
Trust: 1.0
zdi-disclosures@trendmicro.com:	CVE-2021-27256
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-27256
value:	HIGH
Trust: 0.8
ZDI:	CVE-2021-27256
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-202102-1749
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-27256
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-27256
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

zdi-disclosures@trendmicro.com:	CVE-2021-27256
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2021-27256
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ZDI:	CVE-2021-27256
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-21-262 // VULMON: CVE-2021-27256 // JVNDB: JVNDB-2021-004431 // CNNVD: CNNVD-202102-1749 // NVD: CVE-2021-27256 // NVD: CVE-2021-27256

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-004431 // NVD: CVE-2021-27256

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202102-1749

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202102-1749

PATCH

title:	Security Advisory for Multiple Vulnerabilities on Some Routers, Satellites, and Extenders	url:	https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders	Trust: 1.5
title:	NETGEAR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142980	Trust: 0.6

sources: ZDI: ZDI-21-262 // JVNDB: JVNDB-2021-004431 // CNNVD: CNNVD-202102-1749

EXTERNAL IDS

db:	NVD	id:	CVE-2021-27256	Trust: 3.2
db:	ZDI	id:	ZDI-21-262	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-004431	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-12355	Trust: 0.7
db:	CNNVD	id:	CNNVD-202102-1749	Trust: 0.6
db:	VULMON	id:	CVE-2021-27256	Trust: 0.1

sources: ZDI: ZDI-21-262 // VULMON: CVE-2021-27256 // JVNDB: JVNDB-2021-004431 // CNNVD: CNNVD-202102-1749 // NVD: CVE-2021-27256

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-21-262/	Trust: 3.2
url:	https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27256	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/78.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: ZDI: ZDI-21-262 // VULMON: CVE-2021-27256 // JVNDB: JVNDB-2021-004431 // CNNVD: CNNVD-202102-1749 // NVD: CVE-2021-27256

CREDITS

takeshi

Trust: 0.7

sources: ZDI: ZDI-21-262

SOURCES

db:	ZDI	id:	ZDI-21-262
db:	VULMON	id:	CVE-2021-27256
db:	JVNDB	id:	JVNDB-2021-004431
db:	CNNVD	id:	CNNVD-202102-1749
db:	NVD	id:	CVE-2021-27256

LAST UPDATE DATE

2024-11-23T22:57:58.511000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-21-262	date:	2021-02-26T00:00:00
db:	VULMON	id:	CVE-2021-27256	date:	2021-03-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-004431	date:	2021-11-22T05:39:00
db:	CNNVD	id:	CNNVD-202102-1749	date:	2021-03-19T00:00:00
db:	NVD	id:	CVE-2021-27256	date:	2024-11-21T05:57:42.160

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-21-262	date:	2021-02-26T00:00:00
db:	VULMON	id:	CVE-2021-27256	date:	2021-03-05T00:00:00
db:	JVNDB	id:	JVNDB-2021-004431	date:	2021-11-22T00:00:00
db:	CNNVD	id:	CNNVD-202102-1749	date:	2021-02-26T00:00:00
db:	NVD	id:	CVE-2021-27256	date:	2021-03-05T20:15:12.550