CVE-2021-27253: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is…

high8.8CVSS 3.1

AVAACLPRNUINSUCHIHAH

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303.

Affected

44 ranges· showing 25

Vendor	Product	Version range	Fixed in
netgear	br200_firmware	< 5.10.0.5	5.10.0.5
netgear	br500_firmware	< 5.10.0.5	5.10.0.5
netgear	d7800_firmware	< 1.0.1.60	1.0.1.60
netgear	ex6100v2_firmware	< 1.0.1.98	1.0.1.98
netgear	ex6150_firmware	< 1.0.1.98	1.0.1.98
netgear	ex6250_firmware	< 1.0.0.134	1.0.0.134
netgear	ex6400_firmware	< 1.0.2.158	1.0.2.158
netgear	ex6400v2_firmware	< 1.0.0.134	1.0.0.134
netgear	ex6410_firmware	< 1.0.0.134	1.0.0.134
netgear	ex6420_firmware	< 1.0.0.134	1.0.0.134
netgear	ex7300_firmware	< 1.0.2.158	1.0.2.158
netgear	ex7300v2_firmware	< 1.0.0.134	1.0.0.134
netgear	ex7320_firmware	< 1.0.0.134	1.0.0.134
netgear	ex7700_firmware	< 1.0.0.216	1.0.0.216
netgear	ex8000_firmware	< 1.0.1.232	1.0.1.232
netgear	lbr20_firmware	< 2.6.3.50	2.6.3.50
netgear	r7800	—	—
netgear	r7800_firmware	< 1.0.2.80	1.0.2.80
netgear	r8900_firmware	< 1.0.5.28	1.0.5.28
netgear	r9000_firmware	< 1.0.5.28	1.0.5.28
netgear	rbk12_firmware	< 2.7.2.104	2.7.2.104
netgear	rbk13_firmware	< 2.7.2.104	2.7.2.104
netgear	rbk14_firmware	< 2.7.2.104	2.7.2.104
netgear	rbk15_firmware	< 2.7.2.104	2.7.2.104
netgear	rbk20_firmware	< 2.6.2.104	2.6.2.104