Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-31802

NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a \n before the Content-Length header.

Published

2021-04-26T13:15:07.787

Last Modified

2024-11-21T06:06:15.283

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:C/I:C/A:C

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

6.5

Impact Score

10.0

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	netgear	r7000_firmware	≤ 1.0.11.116	Yes
Hardware	netgear	r7000	-	No

References

https://ssd-disclosure.com/ssd-advisory-netgear-nighthawk-r7000-httpd-preauth-rce/ Exploit, Third Party Advisory ([email protected])
https://www.netgear.com/about/security/ Vendor Advisory ([email protected])
https://ssd-disclosure.com/ssd-advisory-netgear-nighthawk-r7000-httpd-preauth-rce/ Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.netgear.com/about/security/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)