CVE-2021-27254
published 2021-03-05

Severity: High, 8.8 (CVSS 3.1)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. The issue results from the use of a hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.

Affected

44 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netgear | br200_firmware | < 5.10.0.5 | 5.10.0.5 |
| netgear | br500_firmware | < 5.10.0.5 | 5.10.0.5 |
| netgear | d7800_firmware | < 1.0.1.60 | 1.0.1.60 |
| netgear | ex6100v2_firmware | < 1.0.1.98 | 1.0.1.98 |
| netgear | ex6150v2_firmware | < 1.0.1.98 | 1.0.1.98 |
| netgear | ex6250_firmware | < 1.0.0.134 | 1.0.0.134 |
| netgear | ex6400_firmware | < 1.0.2.158 | 1.0.2.158 |
| netgear | ex6400v2_firmware | < 1.0.0.134 | 1.0.0.134 |
| netgear | ex6410_firmware | < 1.0.0.134 | 1.0.0.134 |
| netgear | ex6420_firmware | < 1.0.0.134 | 1.0.0.134 |
| netgear | ex7300_firmware | < 1.0.2.158 | 1.0.2.158 |
| netgear | ex7300v2_firmware | < 1.0.0.134 | 1.0.0.134 |
| netgear | ex7320_firmware | < 1.0.0.134 | 1.0.0.134 |
| netgear | ex7700_firmware | < 1.0.0.216 | 1.0.0.216 |
| netgear | ex8000_firmware | < 1.0.1.232 | 1.0.1.232 |
| netgear | lbr20_firmware | < 2.6.3.50 | 2.6.3.50 |
| netgear | r7800 | | |
| netgear | r7800_firmware | < 1.0.2.80 | 1.0.2.80 |
| netgear | r8900_firmware | < 1.0.5.28 | 1.0.5.28 |
| netgear | r9000_firmware | < 1.0.5.28 | 1.0.5.28 |
| netgear | rbk12_firmware | < 2.7.2.104 | 2.7.2.104 |
| netgear | rbk13_firmware | < 2.7.2.104 | 2.7.2.104 |
| netgear | rbk14_firmware | < 2.7.2.104 | 2.7.2.104 |
| netgear | rbk15_firmware | < 2.7.2.104 | 2.7.2.104 |
| netgear | rbk20_firmware | < 2.6.2.104 | 2.6.2.104 |