Strix
26.1K

CVE-2021-34947

UnknownEPSS 0.55%

Last modified

CVE-2021-34947 is a vulnerability of currently unknown severity. NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. EPSS estimates a 0.55% chance of exploitation in the next 30 days.

Description

NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13055.

Metrics

EPSS Probability
0.55%

41.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
NetgearD7800 Firmware< 1.0.1.64
NetgearEx2700 Firmware< 1.0.1.66
NetgearEx6100 Firmware< 1.0.1.106
NetgearEx6150 Firmware< 1.0.1.106
NetgearEx6200 Firmware< 1.0.1.86
NetgearEx6250 Firmware< 1.0.0.146
NetgearEx6400 Firmware< 1.0.2.164
NetgearEx6400v2 Firmware< 1.0.0.146
NetgearEx6410 Firmware< 1.0.0.146
NetgearEx6420 Firmware< 1.0.0.146
NetgearEx6500v1 Firmware< 1.0.0.146
NetgearEx7300 Firmware< 1.0.2.164
NetgearEx7300v2 Firmware< 1.0.0.146
NetgearEx7320 Firmware< 1.0.0.146
NetgearEx7700 Firmware< 1.0.0.222
NetgearEx8000 Firmware< 1.0.1.238
NetgearLbr1020 Firmware< 2.6.5.32
NetgearLbr20 Firmware< 2.6.5.32
NetgearR6700ax Firmware< 1.0.5.108
NetgearR7800 Firmware< 1.0.2.84
NetgearR8900 Firmware< 1.0.5.36
NetgearR9000 Firmware< 1.0.5.36
NetgearRax10 Firmware< 1.0.5.108
NetgearRax120 Firmware< 1.2.2.24
NetgearRax120v2 Firmware< 1.2.2.24
NetgearRax70 Firmware< 1.0.5.108
NetgearRax78 Firmware< 1.0.5.108
NetgearRbr10 Firmware< 2.7.4.24
NetgearRbr20 Firmware< 2.7.4.24
NetgearRbr40 Firmware< 2.7.4.24
NetgearRbr50 Firmware< 2.7.4.24
NetgearRbs10 Firmware< 2.7.4.24
NetgearRbs20 Firmware< 2.7.4.24
NetgearRbs40 Firmware< 2.7.4.24
NetgearRbs50 Firmware< 2.7.4.24
NetgearRbs50y Firmware< 2.7.4.12
NetgearWn3000rpv2 Firmware< 1.0.0.88
NetgearWnr2000v5 Firmware< 1.0.0.78
NetgearXr450 Firmware< 2.3.2.130
NetgearXr500 Firmware< 2.3.2.130
NetgearXr700 Firmware< 1.0.1.44

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2021-34947?
NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13055.
How severe is CVE-2021-34947?
Severity scoring for CVE-2021-34947 is pending analysis. The EPSS model estimates a 0.55% probability of exploitation in the next 30 days.
How do I fix CVE-2021-34947?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-34947?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST