Severity.io | CVE-2021-27252

Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216.

Related CPE's

o netgear br200_firmware ********

h netgear br200 -*******

o netgear br500_firmware ********

h netgear br500 -*******

o netgear d7800_firmware ********

h netgear d7800 -*******

o netgear ex6100v2_firmware ********

h netgear ex6100 v2 *******

o netgear ex6150_firmware ********

h netgear ex6150 v2 *******

References

https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders

PatchVendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-248/

Third Party AdvisoryVDB Entry

CvssV3 impact

BaseSeverity	HIGH
ConfidentialityImpact	HIGH
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	ADJACENT_NETWORK
AvailabilityImpact	HIGH
IntegrityImpact	HIGH
PrivilegesRequired	NONE
BaseScore	8.8
VectorString	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version	3.1
UserInteraction	NONE

CvssV2 impact

AccessComplexity	LOW
ConfidentialityImpact	COMPLETE
AvailabilityImpact	COMPLETE
IntegrityImpact	COMPLETE
BaseScore	8.3
VectorString	AV:A/AC:L/Au:N/C:C/I:C/A:C
Version	2.0
AccessVector	ADJACENT_NETWORK
Authentication	NONE