Severity.io | CVE-2021-27239

Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on UDP port 1900 by default. A crafted MX header field in an SSDP message can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11851.

Related CPE's

o netgear d6220_firmware ********

h netgear d6220 -*******

o netgear d6400_firmware ********

h netgear d6400 -*******

o netgear d7000_firmware ********

h netgear d7000 v2 *******

o netgear d8500_firmware ********

h netgear d8500 -*******

o netgear dc112a_firmware ********

h netgear dc112a -*******

References

N/A

Vendor Advisory

N/A

Third Party AdvisoryVDB Entry

CvssV3 impact

BaseSeverity	HIGH
ConfidentialityImpact	HIGH
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	ADJACENT_NETWORK
AvailabilityImpact	HIGH
IntegrityImpact	HIGH
PrivilegesRequired	NONE
BaseScore	8.8
VectorString	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version	3.1
UserInteraction	NONE

CvssV2 impact

AccessComplexity	LOW
ConfidentialityImpact	COMPLETE
AvailabilityImpact	COMPLETE
IntegrityImpact	COMPLETE
BaseScore	8.3
VectorString	AV:A/AC:L/Au:N/C:C/I:C/A:C
Version	2.0
AccessVector	ADJACENT_NETWORK
Authentication	NONE