Details of VAR-202104-1038

ID

VAR-202104-1038

CVE

CVE-2021-27252

TITLE

NETGEAR R7800 In firmware OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-006382

DESCRIPTION

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216. NETGEAR R7800 For firmware, OS A command injection vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-12216 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 2.34

sources: NVD: CVE-2021-27252 // JVNDB: JVNDB-2021-006382 // ZDI: ZDI-21-248 // VULMON: CVE-2021-27252

AFFECTED PRODUCTS

vendor:	netgear	model:	rbk53	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	r9000	scope:	lt	version:	1.0.5.28	Trust: 1.0
vendor:	netgear	model:	ex6250	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	r7800	scope:	lt	version:	1.0.2.80	Trust: 1.0
vendor:	netgear	model:	rbr20	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	r8900	scope:	lt	version:	1.0.5.28	Trust: 1.0
vendor:	netgear	model:	rbk20	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	rbk40	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	ex6400	scope:	lt	version:	1.0.2.158	Trust: 1.0
vendor:	netgear	model:	rbs50	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	rbs10	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	rbk12	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	rbs40	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	d7800	scope:	lt	version:	1.0.1.60	Trust: 1.0
vendor:	netgear	model:	ex6420	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	ex7300	scope:	lt	version:	1.0.2.158	Trust: 1.0
vendor:	netgear	model:	ex6400v2	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	ex7320	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	rbr50	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	rbk13	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	rbk23	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	br200	scope:	lt	version:	5.10.0.5	Trust: 1.0
vendor:	netgear	model:	rbk44	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	xr500	scope:	lt	version:	2.3.2.114	Trust: 1.0
vendor:	netgear	model:	lbr20	scope:	lt	version:	2.6.3.50	Trust: 1.0
vendor:	netgear	model:	rbs20	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	ex6410	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	rbs50y	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	rbk50	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	xr450	scope:	lt	version:	2.3.2.114	Trust: 1.0
vendor:	netgear	model:	br500	scope:	lt	version:	5.10.0.5	Trust: 1.0
vendor:	netgear	model:	rbk14	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	netgear	model:	ex6150	scope:	lt	version:	1.0.1.98	Trust: 1.0
vendor:	netgear	model:	ex7300v2	scope:	lt	version:	1.0.0.134	Trust: 1.0
vendor:	netgear	model:	xr700	scope:	lt	version:	1.0.1.38	Trust: 1.0
vendor:	netgear	model:	rbr40	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	ex6100v2	scope:	lt	version:	1.0.1.98	Trust: 1.0
vendor:	netgear	model:	rbk43	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	ex7700	scope:	lt	version:	1.0.0.216	Trust: 1.0
vendor:	netgear	model:	rbr10	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	rbk43s	scope:	lt	version:	2.6.2.104	Trust: 1.0
vendor:	netgear	model:	ex8000	scope:	lt	version:	1.0.1.232	Trust: 1.0
vendor:	netgear	model:	rbk15	scope:	lt	version:	2.7.2.104	Trust: 1.0
vendor:	ネットギア	model:	br500	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6410	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6150	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d7800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6100v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6400	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6250	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	br200	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6400v2	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	r7800	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-21-248 // JVNDB: JVNDB-2021-006382 // NVD: CVE-2021-27252

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-27252
value:	HIGH
Trust: 1.0
zdi-disclosures@trendmicro.com:	CVE-2021-27252
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-27252
value:	HIGH
Trust: 0.8
ZDI:	CVE-2021-27252
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-202104-1073
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-27252
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

zdi-disclosures@trendmicro.com:	CVE-2021-27252
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2021-27252
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ZDI:	CVE-2021-27252
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-21-248 // JVNDB: JVNDB-2021-006382 // CNNVD: CNNVD-202104-1073 // NVD: CVE-2021-27252 // NVD: CVE-2021-27252

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-006382 // NVD: CVE-2021-27252

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202104-1073

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202104-1073

PATCH

title:	Security Advisory for Multiple Vulnerabilities on Some Routers, Satellites, and Extenders	url:	https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders	Trust: 1.5
title:	Netgear NETGEAR R7800 Fixes for operating system command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147594	Trust: 0.6

sources: ZDI: ZDI-21-248 // JVNDB: JVNDB-2021-006382 // CNNVD: CNNVD-202104-1073

EXTERNAL IDS

db:	NVD	id:	CVE-2021-27252	Trust: 4.0
db:	ZDI	id:	ZDI-21-248	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-006382	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-12216	Trust: 0.7
db:	CNNVD	id:	CNNVD-202104-1073	Trust: 0.6
db:	VULMON	id:	CVE-2021-27252	Trust: 0.1

sources: ZDI: ZDI-21-248 // VULMON: CVE-2021-27252 // JVNDB: JVNDB-2021-006382 // CNNVD: CNNVD-202104-1073 // NVD: CVE-2021-27252

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-21-248/	Trust: 2.6
url:	https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27252	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/78.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: ZDI: ZDI-21-248 // VULMON: CVE-2021-27252 // JVNDB: JVNDB-2021-006382 // CNNVD: CNNVD-202104-1073 // NVD: CVE-2021-27252

CREDITS

atdog (@atdog_tw)

Trust: 0.7

sources: ZDI: ZDI-21-248

SOURCES

db:	ZDI	id:	ZDI-21-248
db:	VULMON	id:	CVE-2021-27252
db:	JVNDB	id:	JVNDB-2021-006382
db:	CNNVD	id:	CNNVD-202104-1073
db:	NVD	id:	CVE-2021-27252

LAST UPDATE DATE

2024-11-23T22:47:39.525000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-21-248	date:	2021-02-24T00:00:00
db:	VULMON	id:	CVE-2021-27252	date:	2021-04-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-006382	date:	2022-01-06T05:00:00
db:	CNNVD	id:	CNNVD-202104-1073	date:	2021-04-28T00:00:00
db:	NVD	id:	CVE-2021-27252	date:	2024-11-21T05:57:41.453

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-21-248	date:	2021-02-24T00:00:00
db:	VULMON	id:	CVE-2021-27252	date:	2021-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-006382	date:	2022-01-06T00:00:00
db:	CNNVD	id:	CNNVD-202104-1073	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-27252	date:	2021-04-14T16:15:13.737