Strix
26.1K

CVE-2021-27239

HIGHCVSS 8.8/10EPSS 0.75%

Last modified

CVE-2021-27239 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. EPSS estimates a 0.75% chance of exploitation in the next 30 days.

Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on UDP port 1900 by default. A crafted MX header field in an SSDP message can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11851.

Metrics

CVSS 3.1
8.8/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.75%

50.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
NetgearD6220 Firmware< 1.0.0.68
NetgearD6400 Firmware< 1.0.0.102
NetgearD7000 Firmware< 1.0.0.66
NetgearD8500 Firmware< 1.0.3.60
NetgearDc112a Firmware< 1.0.0.54
NetgearEx7000 Firmware< 1.0.1.94
NetgearEx7500 Firmware< 1.0.0.72
NetgearR6250 Firmware< 1.0.4.48
NetgearR6300 Firmware< 1.0.4.50
NetgearR6400 Firmware< 1.0.1.68
NetgearR6400 Firmware< 1.0.4.102
NetgearR6700 Firmware< 1.0.4.102
NetgearR6900p Firmware< 1.3.2.132
NetgearR7000 Firmware< 1.0.11.116
NetgearR7000p Firmware< 1.3.2.132
NetgearR7100lg Firmware< 1.0.0.64
NetgearR7850 Firmware< 1.0.5.68
NetgearR7900 Firmware< 1.0.4.38
NetgearR7900p Firmware< 1.4.1.68
NetgearR7960p Firmware< 1.4.1.68
NetgearR8000 Firmware< 1.0.4.68
NetgearR8000p Firmware< 1.4.1.68
NetgearR8300 Firmware< 1.0.2.144
NetgearR8500 Firmware< 1.0.2.144
NetgearRax200 Firmware< 1.0.2.88
NetgearRax75 Firmware< 1.0.3.102
NetgearRax80 Firmware< 1.0.3.102
NetgearRbr750 Firmware< 3.2.17.12
NetgearRbr850 Firmware< 3.2.17.12
NetgearRbs40v Firmware< 2.6.2.4
NetgearRbs750 Firmware< 3.2.17.12
NetgearRbs850 Firmware< 3.2.17.12
NetgearRs400 Firmware<= 1.5.0.68
NetgearWndr3400 Firmware< 1.0.1.38
NetgearWnr3500l Firmware< 1.2.0.66
NetgearXr300 Firmware< 1.0.3.56

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-27239?
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on UDP port 1900 by default. A crafted MX header field in an SSDP message can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11851.
How severe is CVE-2021-27239?
CVE-2021-27239 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.75% probability of exploitation in the next 30 days.
How do I fix CVE-2021-27239?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-27239?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST