CVE-2021-34982

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability

Description

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13709.

INFO

Published Date :

2024-05-07T22:54:50.139Z

Last Modified :

2024-08-04T00:26:55.936Z

Source :

zdi

AFFECTED PRODUCTS

The following products are affected by CVE-2021-34982 vulnerability.

Vendors	Products
Netgear	D6220 D6220 Firmware D6400 D6400 Firmware D7000v2 D7000v2 Firmware Dc112a Dc112a Firmware Dgn2200v4 Dgn2200v4 Firmware Ex3700 Ex3700 Firmware Ex3800 Ex3800 Firmware Ex6120 Ex6120 Firmware Ex6130 Ex6130 Firmware Ex7000 Ex7000 Firmware Ex7500 Ex7500 Firmware Lax20 Lax20 Firmware Mr60 Mr60 Firmware Mr80 Mr80 Firmware Ms60 Ms60 Firmware Ms80 Ms80 Firmware Multiple Router Firmware R6400 R6400 Firmware R6400v2 R6400v2 Firmware R6700v3 R6700v3 Firmware R6900p R6900p Firmware R7000 R7000 Firmware R7000p R7000p Firmware R7100lg R7100lg Firmware R7850 R7850 Firmware R7900p R7900p Firmware R7960p R7960p Firmware R8000 R8000 Firmware R8000p R8000p Firmware R8300 R8300 Firmware R8500 R8500 Firmware Rax15 Rax15 Firmware Rax20 Rax200 Rax200 Firmware Rax20 Firmware Rax35v2 Rax35v2 Firmware Rax38v2 Rax38v2 Firmware Rax40v2 Rax40v2 Firmware Rax42 Rax42 Firmware Rax43 Rax43 Firmware Rax45 Rax45 Firmware Rax48 Rax48 Firmware Rax50 Rax50 Firmware Rax50s Rax50s Firmware Rax75 Rax75 Firmware Rax80 Rax80 Firmware Raxe450 Raxe450 Firmware Raxe500 Raxe500 Firmware Rs400 Rs400 Firmware V6510-1fxaus V6510-1fxaus Firmware Wndr3400v3 Wndr3400v3 Firmware Wnr3500lv2 Wnr3500lv2 Firmware Xr1000 Xr1000 Firmware Xr300 Xr300 Firmware

Vendors

Products

Netgear

D6220
D6220 Firmware
D6400
D6400 Firmware
D7000v2
D7000v2 Firmware
Dc112a
Dc112a Firmware
Dgn2200v4
Dgn2200v4 Firmware
Ex3700
Ex3700 Firmware
Ex3800
Ex3800 Firmware
Ex6120
Ex6120 Firmware
Ex6130
Ex6130 Firmware
Ex7000
Ex7000 Firmware
Ex7500
Ex7500 Firmware
Lax20
Lax20 Firmware
Mr60
Mr60 Firmware
Mr80
Mr80 Firmware
Ms60
Ms60 Firmware
Ms80
Ms80 Firmware
Multiple Router Firmware
R6400
R6400 Firmware
R6400v2
R6400v2 Firmware
R6700v3
R6700v3 Firmware
R6900p
R6900p Firmware
R7000
R7000 Firmware
R7000p
R7000p Firmware
R7100lg
R7100lg Firmware
R7850
R7850 Firmware
R7900p
R7900p Firmware
R7960p
R7960p Firmware
R8000
R8000 Firmware
R8000p
R8000p Firmware
R8300
R8300 Firmware
R8500
R8500 Firmware
Rax15
Rax15 Firmware
Rax20
Rax200
Rax200 Firmware
Rax20 Firmware
Rax35v2
Rax35v2 Firmware
Rax38v2
Rax38v2 Firmware
Rax40v2
Rax40v2 Firmware
Rax42
Rax42 Firmware
Rax43
Rax43 Firmware
Rax45
Rax45 Firmware
Rax48
Rax48 Firmware
Rax50
Rax50 Firmware
Rax50s
Rax50s Firmware
Rax75
Rax75 Firmware
Rax80
Rax80 Firmware
Raxe450
Raxe450 Firmware
Raxe500
Raxe500 Firmware
Rs400
Rs400 Firmware
V6510-1fxaus
V6510-1fxaus Firmware
Wndr3400v3
Wndr3400v3 Firmware
Wnr3500lv2
Wnr3500lv2 Firmware
Xr1000
Xr1000 Firmware
Xr300
Xr300 Firmware

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2021-34982.

URL	Resource
https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159
https://www.zerodayinitiative.com/advisories/ZDI-21-1274/

CVSS Vulnerability Scoring System

V3.0

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact