CVE-2021-34991
published 2021-11-15


High 8.8 (CVSS 3.1)
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110.

Affected

45 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netgear | cax80_firmware | < 2.1.3.5 | 2.1.3.5 |
| netgear | d6220_firmware | < 1.0.0.76 | 1.0.0.76 |
| netgear | d6400_firmware | < 1.0.0.108 | 1.0.0.108 |
| netgear | d7000v2_firmware | < 1.0.0.76 | 1.0.0.76 |
| netgear | dc112a_firmware | < 1.0.0.62 | 1.0.0.62 |
| netgear | dgn2200v4_firmware | < 1.0.0.126 | 1.0.0.126 |
| netgear | ex3700_firmware | < 1.0.0.94 | 1.0.0.94 |
| netgear | ex3800_firmware | < 1.0.0.94 | 1.0.0.94 |
| netgear | ex6120_firmware | < 1.0.0.66 | 1.0.0.66 |
| netgear | ex6130_firmware | < 1.0.0.66 | 1.0.0.66 |
| netgear | r6400_firmware | < 1.0.1.76 | 1.0.1.76 |
| netgear | r6400v2 | | |
| netgear | r6400v2_firmware | < 1.0.4.120 | 1.0.4.120 |
| netgear | r6700v3_firmware | < 1.0.4.120 | 1.0.4.120 |
| netgear | r6900p_firmware | < 1.3.3.142 | 1.3.3.142 |
| netgear | r7000_firmware | < 1.0.11.128 | 1.0.11.128 |
| netgear | r7000p_firmware | < 1.3.3.142 | 1.3.3.142 |
| netgear | r7100lg_firmware | < 1.0.0.72 | 1.0.0.72 |
| netgear | r7850_firmware | < 1.0.5.76 | 1.0.5.76 |
| netgear | r7900p_firmware | < 1.4.2.84 | 1.4.2.84 |
| netgear | r7960p_firmware | < 1.4.2.84 | 1.4.2.84 |
| netgear | r8000_firmware | < 1.0.4.76 | 1.0.4.76 |
| netgear | r8000p_firmware | < 1.4.2.84 | 1.4.2.84 |
| netgear | r8300_firmware | < 1.0.2.156 | 1.0.2.156 |
| netgear | r8500_firmware | < 1.0.2.156 | 1.0.2.156 |