ID

VAR-202109-1063


CVE

CVE-2021-40847


TITLE

NETGEAR code injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-83558 // CNNVD: CNNVD-202109-1539

DESCRIPTION

The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls themselves are not enabled by default on the routers, the Circle update daemon, circled, is enabled by default. This daemon connects to Circle and NETGEAR to obtain version information and updates to the circled daemon and its filtering database. However, database updates from NETGEAR are unsigned and downloaded via cleartext HTTP. As such, an attacker with the ability to perform a MitM attack on the device can respond to circled update requests with a crafted, compressed database file, the extraction of which gives the attacker the ability to overwrite executable files with attacker-controlled code. This affects R6400v2 1.0.4.106, R6700 1.0.2.16, R6700v3 1.0.4.106, R6900 1.0.2.16, R6900P 1.3.2.134, R7000 1.0.11.123, R7000P 1.3.2.134, R7850 1.0.5.68, R7900 1.0.4.38, R8000 1.0.4.68, and RS400 1.5.0.68. Netgear NETGEAR is a router from Netgear. A hardware device that connects two or more networks and acts as a gateway between networks. NETGEAR routers has security vulnerabilities. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.07

sources: NVD: CVE-2021-40847 // CNVD: CNVD-2021-83558 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-40847

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-83558

AFFECTED PRODUCTS

vendor:netgearmodel:r6400v2scope:eqversion:1.0.4.106

Trust: 1.6

vendor:netgearmodel:r6700scope:eqversion:1.0.2.16

Trust: 1.6

vendor:netgearmodel:r6700v3scope:eqversion:1.0.4.106

Trust: 1.6

vendor:netgearmodel:r6900scope:eqversion:1.0.2.16

Trust: 1.6

vendor:netgearmodel:r6900pscope:eqversion:1.3.2.134

Trust: 1.6

vendor:netgearmodel:r7000scope:eqversion:1.0.11.123

Trust: 1.6

vendor:netgearmodel:r7000pscope:eqversion:1.3.2.134

Trust: 1.6

vendor:netgearmodel:r7850scope:eqversion:1.0.5.68

Trust: 1.6

vendor:netgearmodel:r7900scope:eqversion:1.0.4.38

Trust: 1.6

vendor:netgearmodel:r8000scope:eqversion:1.0.4.68

Trust: 1.6

vendor:netgearmodel:rs400scope:eqversion:1.5.0.68

Trust: 1.6

sources: CNVD: CNVD-2021-83558 // NVD: CVE-2021-40847

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-40847
value: HIGH

Trust: 1.0

CNVD: CNVD-2021-83558
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-1539
value: HIGH

Trust: 0.6

VULMON: CVE-2021-40847
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-40847
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2021-83558
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-40847
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2021-83558 // VULMON: CVE-2021-40847 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1539 // NVD: CVE-2021-40847

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.0

sources: NVD: CVE-2021-40847

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-1539

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:Patch for NETGEAR code injection vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/296256

Trust: 0.6

title:NETGEAR Fixes for code injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=163585

Trust: 0.6

title: - url:https://github.com/Mehedi-Babu/bug_bounty_begginer

Trust: 0.1

title:bug-bounty-nooburl:https://github.com/hetmehtaa/bug-bounty-noob

Trust: 0.1

title:Threatposturl:https://threatpost.com/netgear-soho-security-bug-rce/174921/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/netgear-fixes-dangerous-code-execution-bug-in-multiple-routers/

Trust: 0.1

sources: CNVD: CNVD-2021-83558 // VULMON: CVE-2021-40847 // CNNVD: CNNVD-202109-1539

EXTERNAL IDS

db:NVDid:CVE-2021-40847

Trust: 2.3

db:CNVDid:CNVD-2021-83558

Trust: 0.6

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021092208

Trust: 0.6

db:CNNVDid:CNNVD-202109-1539

Trust: 0.6

db:VULMONid:CVE-2021-40847

Trust: 0.1

sources: CNVD: CNVD-2021-83558 // VULMON: CVE-2021-40847 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1539 // NVD: CVE-2021-40847

REFERENCES

url:https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html

Trust: 1.7

url:https://kb.netgear.com/000064039/security-advisory-for-remote-code-execution-on-some-routers-psv-2021-0204

Trust: 1.7

url:https://securityaffairs.co/wordpress/122486/hacking/cve-2021-40847-netgear-soho-routers.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40847-netgear-soho-routers

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092208

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-40847

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/319.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/netgear-soho-security-bug-rce/174921/

Trust: 0.1

sources: CNVD: CNVD-2021-83558 // VULMON: CVE-2021-40847 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1539 // NVD: CVE-2021-40847

SOURCES

db:CNVDid:CNVD-2021-83558
db:VULMONid:CVE-2021-40847
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202109-1539
db:NVDid:CVE-2021-40847

LAST UPDATE DATE

2024-11-23T20:16:33.013000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-83558date:2021-11-04T00:00:00
db:VULMONid:CVE-2021-40847date:2021-10-07T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202109-1539date:2021-10-09T00:00:00
db:NVDid:CVE-2021-40847date:2024-11-21T06:24:55.017

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-83558date:2021-09-24T00:00:00
db:VULMONid:CVE-2021-40847date:2021-09-21T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202109-1539date:2021-09-21T00:00:00
db:NVDid:CVE-2021-40847date:2021-09-21T18:15:07.377