CVE-2021-34865

Description

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313.

Related CPE's

onetgearac2100_firmware********

hnetgearac2100-*******

onetgearac2400_firmware********

hnetgearac2400-*******

onetgearac2600_firmware********

hnetgearac2600-*******

onetgeard7000v1_firmware********

hnetgeard7000v1-*******

onetgearr6220_firmware********

hnetgearr6220-*******

References

https://www.zerodayinitiative.com/advisories/ZDI-21-1051/

Third Party AdvisoryVDB Entry

https://kb.netgear.com/000063955/Security-Advisory-for-Authentication-Bypass-Vulnerability-on-Some-Routers-PSV-2021-0083?article=000063955

Vendor Advisory

CvssV3 impact

Version

3.1

VectorString

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AttackVector

ADJACENT_NETWORK

AttackComplexity

LOW

PrivilegesRequired

NONE

UserInteraction

NONE

Scope

UNCHANGED

ConfidentialityImpact

HIGH

IntegrityImpact

HIGH

AvailabilityImpact

HIGH

BaseScore

8.8

BaseSeverity

HIGH

CvssV2 impact

Version

2.0

VectorString

AV:A/AC:L/Au:N/C:C/I:C/A:C

AccessVector

ADJACENT_NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

COMPLETE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

8.300000190734863

Created by Yello
About Severity.io