Versio.io

CVE-2021-27254

Common vulnerabilities & exposures (CVE)

 
Published at: 05-03-2021 09:15
Last modified: 25-04-2022 07:48
Total changes: 3

Description

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. The issue results from the use of a hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base score: 8.8
Exploitability score: 2.8
Impact score: 5.9

Attack vector: Adjacent
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
 

Verification logic

Any one of the following configurations matches (OR). Within a configuration, both the firmware condition and the hardware condition must hold (AND).

  • (vendor=netgear AND product=br200_firmware AND versionEndExcluding=5.10.0.5) AND (vendor=netgear AND product=br200 AND version=-)
  • (vendor=netgear AND product=br500_firmware AND versionEndExcluding=5.10.0.5) AND (vendor=netgear AND product=br500 AND version=-)
  • (vendor=netgear AND product=d7800_firmware AND versionEndExcluding=1.0.1.60) AND (vendor=netgear AND product=d7800 AND version=-)
  • (vendor=netgear AND product=ex6100v2_firmware AND versionEndExcluding=1.0.1.98) AND (vendor=netgear AND product=ex6100v2 AND version=-)
  • (vendor=netgear AND product=ex6150v2_firmware AND versionEndExcluding=1.0.1.98) AND (vendor=netgear AND product=ex6150v2 AND version=-)
  • (vendor=netgear AND product=ex6250_firmware AND versionEndExcluding=1.0.0.134) AND (vendor=netgear AND product=ex6250 AND version=-)
  • (vendor=netgear AND product=ex6400_firmware AND versionEndExcluding=1.0.2.158) AND (vendor=netgear AND product=ex6400 AND version=-)
  • (vendor=netgear AND product=ex6400v2_firmware AND versionEndExcluding=1.0.0.134) AND (vendor=netgear AND product=ex6400v2 AND version=-)
  • (vendor=netgear AND product=ex6410_firmware AND versionEndExcluding=1.0.0.134) AND (vendor=netgear AND product=ex6410 AND version=-)
  • (vendor=netgear AND product=ex6420_firmware AND versionEndExcluding=1.0.0.134) AND (vendor=netgear AND product=ex6420 AND version=-)
  • (vendor=netgear AND product=ex7300_firmware AND versionEndExcluding=1.0.2.158) AND (vendor=netgear AND product=ex7300 AND version=-)
  • (vendor=netgear AND product=ex7300v2_firmware AND versionEndExcluding=1.0.0.134) AND (vendor=netgear AND product=ex7300v2 AND version=-)
  • (vendor=netgear AND product=ex7320_firmware AND versionEndExcluding=1.0.0.134) AND (vendor=netgear AND product=ex7320 AND version=-)
  • (vendor=netgear AND product=ex7700_firmware AND versionEndExcluding=1.0.0.216) AND (vendor=netgear AND product=ex7700 AND version=-)
  • (vendor=netgear AND product=ex8000_firmware AND versionEndExcluding=1.0.1.232) AND (vendor=netgear AND product=ex8000 AND version=-)
  • (vendor=netgear AND product=lbr20_firmware AND versionEndExcluding=2.6.3.50) AND (vendor=netgear AND product=lbr20 AND version=-)
  • (vendor=netgear AND product=r7800_firmware AND versionEndExcluding=1.0.2.80) AND (vendor=netgear AND product=r7800 AND version=-)
  • (vendor=netgear AND product=r8900_firmware AND versionEndExcluding=1.0.5.28) AND (vendor=netgear AND product=r8900 AND version=-)
  • (vendor=netgear AND product=r9000_firmware AND versionEndExcluding=1.0.5.28) AND (vendor=netgear AND product=r9000 AND version=-)
  • (vendor=netgear AND product=rbk12_firmware AND versionEndExcluding=2.7.2.104) AND (vendor=netgear AND product=rbk12 AND version=-)
  • (vendor=netgear AND product=rbk13_firmware AND versionEndExcluding=2.7.2.104) AND (vendor=netgear AND product=rbk13 AND version=-)
  • (vendor=netgear AND product=rbk14_firmware AND versionEndExcluding=2.7.2.104) AND (vendor=netgear AND product=rbk14 AND version=-)
  • (vendor=netgear AND product=rbk15_firmware AND versionEndExcluding=2.7.2.104) AND (vendor=netgear AND product=rbk15 AND version=-)
  • (vendor=netgear AND product=rbk20_firmware AND versionEndExcluding=2.6.2.104) AND (vendor=netgear AND product=rbk20 AND version=-)
  • (vendor=netgear AND product=rbk23_firmware AND versionEndExcluding=2.7.2.104) AND (vendor=netgear AND product=rbk23 AND version=-)
  • (vendor=netgear AND product=rbk40_firmware AND versionEndExcluding=2.6.2.104) AND (vendor=netgear AND product=rbk40 AND version=-)
  • (vendor=netgear AND product=rbk43_firmware AND versionEndExcluding=2.6.2.104) AND (vendor=netgear AND product=rbk43 AND version=-)
  • (vendor=netgear AND product=rbk43s_firmware AND versionEndExcluding=2.6.2.104) AND (vendor=netgear AND product=rbk43s AND version=-)
  • (vendor=netgear AND product=rbk44_firmware AND versionEndExcluding=2.6.2.104) AND (vendor=netgear AND product=rbk44 AND version=-)
  • (vendor=netgear AND product=rbk50_firmware AND versionEndExcluding=2.7.2.104) AND (vendor=netgear AND product=rbk50 AND version=-)
  • (vendor=netgear AND product=rbk53_firmware AND versionEndExcluding=2.7.2.104) AND (vendor=netgear AND product=rbk53 AND version=-)
  • (vendor=netgear AND product=rbr10_firmware AND versionEndExcluding=2.6.2.104) AND (vendor=netgear AND product=rbr10 AND version=-)
  • (vendor=netgear AND product=rbr20_firmware AND versionEndExcluding=2.6.2.104) AND (vendor=netgear AND product=rbr20 AND version=-)
  • (vendor=netgear AND product=rbr40_firmware AND versionEndExcluding=2.6.2.104) AND (vendor=netgear AND product=rbr40 AND version=-)
  • (vendor=netgear AND product=rbr50_firmware AND versionEndExcluding=2.7.2.104) AND (vendor=netgear AND product=rbr50 AND version=-)
  • (vendor=netgear AND product=rbs10_firmware AND versionEndExcluding=2.6.2.104) AND (vendor=netgear AND product=rbs10 AND version=-)
  • (vendor=netgear AND product=rbs20_firmware AND versionEndExcluding=2.6.2.104) AND (vendor=netgear AND product=rbs20 AND version=-)
  • (vendor=netgear AND product=rbs40_firmware AND versionEndExcluding=2.6.2.104) AND (vendor=netgear AND product=rbs40 AND version=-)
  • (vendor=netgear AND product=rbs50_firmware AND versionEndExcluding=2.7.2.104) AND (vendor=netgear AND product=rbs50 AND version=-)
  • (vendor=netgear AND product=rbs50y_firmware AND versionEndExcluding=2.6.2.104) AND (vendor=netgear AND product=rbs50y AND version=-)
  • (vendor=netgear AND product=xr450_firmware AND versionEndExcluding=2.3.2.114) AND (vendor=netgear AND product=xr450 AND version=-)
  • (vendor=netgear AND product=xr500_firmware AND versionEndExcluding=2.3.2.114) AND (vendor=netgear AND product=xr500 AND version=-)
  • (vendor=netgear AND product=xr700_firmware AND versionEndExcluding=1.0.1.38) AND (vendor=netgear AND product=xr700 AND version=-)
 

 

