Sign-up

ID

VAR-202104-1039


CVE

CVE-2021-27253


TITLE

(Pwn2Own) NETGEAR Nighthawk R7800 Heap-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-21-249

DESCRIPTION

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303

Trust: 1.62

sources: NVD: CVE-2021-27253 // ZDI: ZDI-21-249 // VULMON: CVE-2021-27253

AFFECTED PRODUCTS

vendor:netgearmodel:rbk53scope:ltversion:2.7.2.104

Trust: 1.0

vendor:netgearmodel:r9000scope:ltversion:1.0.5.28

Trust: 1.0

vendor:netgearmodel:ex6250scope:ltversion:1.0.0.134

Trust: 1.0

vendor:netgearmodel:r7800scope:ltversion:1.0.2.80

Trust: 1.0

vendor:netgearmodel:rbr20scope:ltversion:2.6.2.104

Trust: 1.0

vendor:netgearmodel:r8900scope:ltversion:1.0.5.28

Trust: 1.0

vendor:netgearmodel:rbk20scope:ltversion:2.6.2.104

Trust: 1.0

vendor:netgearmodel:rbk40scope:ltversion:2.6.2.104

Trust: 1.0

vendor:netgearmodel:ex6400scope:ltversion:1.0.2.158

Trust: 1.0

vendor:netgearmodel:rbs50scope:ltversion:2.7.2.104

Trust: 1.0

vendor:netgearmodel:rbs10scope:ltversion:2.6.2.104

Trust: 1.0

vendor:netgearmodel:rbk12scope:ltversion:2.7.2.104

Trust: 1.0

vendor:netgearmodel:rbs40scope:ltversion:2.6.2.104

Trust: 1.0

vendor:netgearmodel:d7800scope:ltversion:1.0.1.60

Trust: 1.0

vendor:netgearmodel:ex6420scope:ltversion:1.0.0.134

Trust: 1.0

vendor:netgearmodel:ex7300scope:ltversion:1.0.2.158

Trust: 1.0

vendor:netgearmodel:ex6400v2scope:ltversion:1.0.0.134

Trust: 1.0

vendor:netgearmodel:ex7320scope:ltversion:1.0.0.134

Trust: 1.0

vendor:netgearmodel:rbr50scope:ltversion:2.7.2.104

Trust: 1.0

vendor:netgearmodel:rbk13scope:ltversion:2.7.2.104

Trust: 1.0

vendor:netgearmodel:rbk23scope:ltversion:2.7.2.104

Trust: 1.0

vendor:netgearmodel:br200scope:ltversion:5.10.0.5

Trust: 1.0

vendor:netgearmodel:rbk44scope:ltversion:2.6.2.104

Trust: 1.0

vendor:netgearmodel:xr500scope:ltversion:2.3.2.114

Trust: 1.0

vendor:netgearmodel:lbr20scope:ltversion:2.6.3.50

Trust: 1.0

vendor:netgearmodel:rbs20scope:ltversion:2.6.2.104

Trust: 1.0

vendor:netgearmodel:ex6410scope:ltversion:1.0.0.134

Trust: 1.0

vendor:netgearmodel:rbs50yscope:ltversion:2.6.2.104

Trust: 1.0

vendor:netgearmodel:rbk50scope:ltversion:2.7.2.104

Trust: 1.0

vendor:netgearmodel:xr450scope:ltversion:2.3.2.114

Trust: 1.0

vendor:netgearmodel:br500scope:ltversion:5.10.0.5

Trust: 1.0

vendor:netgearmodel:rbk14scope:ltversion:2.7.2.104

Trust: 1.0

vendor:netgearmodel:ex6150scope:ltversion:1.0.1.98

Trust: 1.0

vendor:netgearmodel:ex7300v2scope:ltversion:1.0.0.134

Trust: 1.0

vendor:netgearmodel:xr700scope:ltversion:1.0.1.38

Trust: 1.0

vendor:netgearmodel:rbr40scope:ltversion:2.6.2.104

Trust: 1.0

vendor:netgearmodel:ex6100v2scope:ltversion:1.0.1.98

Trust: 1.0

vendor:netgearmodel:rbk43scope:ltversion:2.6.2.104

Trust: 1.0

vendor:netgearmodel:ex7700scope:ltversion:1.0.0.216

Trust: 1.0

vendor:netgearmodel:rbr10scope:ltversion:2.6.2.104

Trust: 1.0

vendor:netgearmodel:rbk43sscope:ltversion:2.6.2.104

Trust: 1.0

vendor:netgearmodel:ex8000scope:ltversion:1.0.1.232

Trust: 1.0

vendor:netgearmodel:rbk15scope:ltversion:2.7.2.104

Trust: 1.0

vendor:netgearmodel:r7800scope: - version: -

Trust: 0.7

sources: ZDI: ZDI-21-249 // NVD: CVE-2021-27253

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-27253
value: HIGH

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2021-27253
value: HIGH

Trust: 1.0

ZDI: CVE-2021-27253
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202104-1071
value: HIGH

Trust: 0.6

VULMON: CVE-2021-27253
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-27253
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2021-27253
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2021-27253
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

ZDI: CVE-2021-27253
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-249 // VULMON: CVE-2021-27253 // CNNVD: CNNVD-202104-1071 // NVD: CVE-2021-27253 // NVD: CVE-2021-27253

PROBLEMTYPE DATA

problemtype:CWE-122

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

sources: NVD: CVE-2021-27253

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202104-1071

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202104-1071

PATCH

title:NETGEAR has issued an update to correct this vulnerability.url:https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders

Trust: 0.7

title:Netgear NETGEAR Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148415

Trust: 0.6

sources: ZDI: ZDI-21-249 // CNNVD: CNNVD-202104-1071

EXTERNAL IDS

db:NVDid:CVE-2021-27253

Trust: 2.4

db:ZDIid:ZDI-21-249

Trust: 2.4

db:ZDI_CANid:ZDI-CAN-12303

Trust: 0.7

db:CNNVDid:CNNVD-202104-1071

Trust: 0.6

db:VULMONid:CVE-2021-27253

Trust: 0.1

sources: ZDI: ZDI-21-249 // VULMON: CVE-2021-27253 // CNNVD: CNNVD-202104-1071 // NVD: CVE-2021-27253

REFERENCES

url:https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders

Trust: 2.4

url:https://www.zerodayinitiative.com/advisories/zdi-21-249/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-27253

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-21-249 // VULMON: CVE-2021-27253 // CNNVD: CNNVD-202104-1071 // NVD: CVE-2021-27253

CREDITS

Ho\xc3\xa0ng Th\xe1\xba\xa1ch Nguy\xe1\xbb\x85n, Lucas Tay

Trust: 0.7

sources: ZDI: ZDI-21-249

SOURCES

db:ZDIid:ZDI-21-249
db:VULMONid:CVE-2021-27253
db:CNNVDid:CNNVD-202104-1071
db:NVDid:CVE-2021-27253

LAST UPDATE DATE

2024-11-23T22:33:05.324000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-249date:2021-02-24T00:00:00
db:VULMONid:CVE-2021-27253date:2021-04-23T00:00:00
db:CNNVDid:CNNVD-202104-1071date:2021-04-25T00:00:00
db:NVDid:CVE-2021-27253date:2024-11-21T05:57:41.613

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-249date:2021-02-24T00:00:00
db:VULMONid:CVE-2021-27253date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202104-1071date:2021-04-14T00:00:00
db:NVDid:CVE-2021-27253date:2021-04-14T16:15:13.797