Description

NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a \n before the Content-Length header.

Related CPE's

o

netgear

r7000_firmware

Vulnerable

h

netgear

r7000

-

References

https://ssd-disclosure.com/ssd-advisory-netgear-nighthawk-r7000-httpd-preauth-rce/

ExploitThird Party Advisory

https://www.netgear.com/about/security/

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-787

CVSS impact metrics

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-04-26T13:15:07.787

4 years ago

Last modified

2021-05-06T20:38:27.247

4 years ago