Details of VAR-202104-1037

ID

VAR-202104-1037

CVE

CVE-2021-27251

TITLE

NETGEAR Nighthawk R7800 Vulnerability in plaintext transmission of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2021-006381

DESCRIPTION

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308. Zero Day Initiative To this vulnerability ZDI-CAN-12308 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 2.34

sources: NVD: CVE-2021-27251 // JVNDB: JVNDB-2021-006381 // ZDI: ZDI-21-247 // VULMON: CVE-2021-27251

AFFECTED PRODUCTS

vendor:	netgear	model:	rbk53	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	r9000	scope:	lt	version:	1.0.5.28	Trust: 1.0
vendor:	netgear	model:	ex6250	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	r7800	scope:	lt	version:	1.0.2.80	Trust: 1.0
vendor:	netgear	model:	rbr20	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	r8900	scope:	lt	version:	1.0.5.28	Trust: 1.0
vendor:	netgear	model:	rbk20	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	rbk40	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	ex6400	scope:	lt	version:	1.0.2.158	Trust: 1.0
vendor:	netgear	model:	rbs50	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	rbs10	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	rbk12	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	rbs40	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	d7800	scope:	lt	version:	1.0.1.60	Trust: 1.0
vendor:	netgear	model:	ex6420	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	ex7300	scope:	lt	version:	1.0.2.158	Trust: 1.0
vendor:	netgear	model:	ex6400v2	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	ex7320	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	rbr50	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	rbk13	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	rbk23	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	br200	scope:	lt	version:	5.10.0.5	Trust: 1.0
vendor:	netgear	model:	rbk44	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	xr500	scope:	lt	version:	2.3.2.114	Trust: 1.0
vendor:	netgear	model:	lbr20	scope:	lt	version:	2.6.3.50	Trust: 1.0
vendor:	netgear	model:	rbs20	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	ex6410	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	rbs50y	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	rbk50	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	xr450	scope:	lt	version:	2.3.2.114	Trust: 1.0
vendor:	netgear	model:	br500	scope:	lt	version:	5.10.0.5	Trust: 1.0
vendor:	netgear	model:	rbk14	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	ex6150	scope:	lt	version:	1.0.1.98	Trust: 1.0
vendor:	netgear	model:	ex7300v2	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	xr700	scope:	lt	version:	1.0.1.38	Trust: 1.0
vendor:	netgear	model:	rbr40	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	ex6100v2	scope:	lt	version:	1.0.1.98	Trust: 1.0
vendor:	netgear	model:	rbk43	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	ex7700	scope:	lt	version:	1.0.0.216	Trust: 1.0
vendor:	netgear	model:	rbr10	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	rbk43s	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	ex8000	scope:	lt	version:	1.0.1.232	Trust: 1.0
vendor:	netgear	model:	rbk15	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	ネットギア	model:	br500	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6410	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6150	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d7800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6100v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6400	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6250	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	br200	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6400v2	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	r7800	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-21-247 // JVNDB: JVNDB-2021-006381 // NVD: CVE-2021-27251

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-27251
value:	HIGH
Trust: 1.0
zdi-disclosures@trendmicro.com:	CVE-2021-27251
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-27251
value:	HIGH
Trust: 0.8
ZDI:	CVE-2021-27251
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-202104-1136
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-27251
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

zdi-disclosures@trendmicro.com:	CVE-2021-27251
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2021-27251
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ZDI:	CVE-2021-27251
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-21-247 // JVNDB: JVNDB-2021-006381 // CNNVD: CNNVD-202104-1136 // NVD: CVE-2021-27251 // NVD: CVE-2021-27251

PROBLEMTYPE DATA

problemtype:	CWE-319	Trust: 1.0
problemtype:	Sending important information in clear text (CWE-319) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-006381 // NVD: CVE-2021-27251

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202104-1136

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-1136

PATCH

title:	Security Advisory for Multiple Vulnerabilities on Some Routers, Satellites, and Extenders	url:	https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders	Trust: 1.5
title:	Netgear NETGEAR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147498	Trust: 0.6

sources: ZDI: ZDI-21-247 // JVNDB: JVNDB-2021-006381 // CNNVD: CNNVD-202104-1136

EXTERNAL IDS

db:	NVD	id:	CVE-2021-27251	Trust: 4.0
db:	ZDI	id:	ZDI-21-247	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-006381	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-12308	Trust: 0.7
db:	CNNVD	id:	CNNVD-202104-1136	Trust: 0.6
db:	VULMON	id:	CVE-2021-27251	Trust: 0.1

sources: ZDI: ZDI-21-247 // VULMON: CVE-2021-27251 // JVNDB: JVNDB-2021-006381 // CNNVD: CNNVD-202104-1136 // NVD: CVE-2021-27251

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-21-247/	Trust: 2.6
url:	https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27251	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/319.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: ZDI: ZDI-21-247 // VULMON: CVE-2021-27251 // JVNDB: JVNDB-2021-006381 // CNNVD: CNNVD-202104-1136 // NVD: CVE-2021-27251

CREDITS

Team FLASHBACK: Pedro Ribeiro (@pedrib1337 | pedrib@gmail.com) + Radek Domanski (@RabbitPro)

Trust: 0.7

sources: ZDI: ZDI-21-247

SOURCES

db:	ZDI	id:	ZDI-21-247
db:	VULMON	id:	CVE-2021-27251
db:	JVNDB	id:	JVNDB-2021-006381
db:	CNNVD	id:	CNNVD-202104-1136
db:	NVD	id:	CVE-2021-27251

LAST UPDATE DATE

2024-11-23T22:54:48.346000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-21-247	date:	2021-02-24T00:00:00
db:	VULMON	id:	CVE-2021-27251	date:	2021-04-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-006381	date:	2022-01-06T05:00:00
db:	CNNVD	id:	CNNVD-202104-1136	date:	2021-04-28T00:00:00
db:	NVD	id:	CVE-2021-27251	date:	2024-11-21T05:57:41.280

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-21-247	date:	2021-02-24T00:00:00
db:	VULMON	id:	CVE-2021-27251	date:	2021-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-006381	date:	2022-01-06T00:00:00
db:	CNNVD	id:	CNNVD-202104-1136	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-27251	date:	2021-04-14T16:15:13.657