Link | Resource |
---|---|
https://kb.netgear.com/000062820/Security-Advisory-for-Stack-based-Buffer-Overflow-Remote-Code-Execution-Vulnerability-on-Some-Routers-PSV-2020-0432 | Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-21-206/ | Third Party Advisory VDB Entry |
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
AND |
|
Configuration 16 (hide)
AND |
|
Configuration 17 (hide)
AND |
|
Configuration 18 (hide)
AND |
|
Configuration 19 (hide)
AND |
|
Configuration 20 (hide)
AND |
|
Configuration 21 (hide)
AND |
|
Configuration 22 (hide)
AND |
|
Configuration 23 (hide)
AND |
|
Configuration 24 (hide)
AND |
|
Configuration 25 (hide)
AND |
|
Configuration 26 (hide)
AND |
|
Configuration 27 (hide)
AND |
|
Configuration 28 (hide)
AND |
|
Configuration 29 (hide)
AND |
|
Configuration 30 (hide)
AND |
|
Configuration 31 (hide)
AND |
|
Configuration 32 (hide)
AND |
|
Configuration 33 (hide)
AND |
|
Configuration 34 (hide)
AND |
|
Configuration 35 (hide)
AND |
|
Configuration 36 (hide)
AND |
|
02 Apr 2021, 14:03
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:wndr3400:v3:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:dc112a_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr3500l_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbs40v:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr3500l:v2:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex7000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:* cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6300:v2:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbs40v_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:wndr3400_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:dc112a:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex7000:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:d7000:v2:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex7500_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex7500:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 8.3
v3 : 8.8 |
References | (N/A) https://kb.netgear.com/000062820/Security-Advisory-for-Stack-based-Buffer-Overflow-Remote-Code-Execution-Vulnerability-on-Some-Routers-PSV-2020-0432 - Vendor Advisory | |
References | (N/A) https://www.zerodayinitiative.com/advisories/ZDI-21-206/ - Third Party Advisory, VDB Entry |
29 Mar 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
Summary | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on UDP port 1900 by default. A crafted MX header field in an SSDP message can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11851. |
29 Mar 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Published : 2021-03-29 21:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-27239
Mitre link : CVE-2021-27239
CVE.ORG link : CVE-2021-27239
JSON object : View
netgear
- rbs850_firmware
- rbr750
- r8000_firmware
- rbr750_firmware
- r8500_firmware
- d7000
- r6250_firmware
- r8300_firmware
- r8300
- dc112a_firmware
- r8000
- rax75_firmware
- rbr850
- r7900p_firmware
- ex7000_firmware
- r7000p
- rbs40v
- r8000p
- d8500
- rbr850_firmware
- r7900
- rax200
- rax75
- r6900p
- rax200_firmware
- r7100lg_firmware
- xr300
- r6300_firmware
- r6400_firmware
- r6400
- d6400_firmware
- r7850
- r7900p
- r6300
- rbs40v_firmware
- wndr3400_firmware
- d8500_firmware
- r7100lg
- wnr3500l_firmware
- xr300_firmware
- r8000p_firmware
- r7960p_firmware
- r6250
- r6700
- dc112a
- d7000_firmware
- rbs850
- rax80_firmware
- rbs750
- ex7500
- r7960p
- ex7500_firmware
- r6700_firmware
- rax80
- wndr3400
- r6900p_firmware
- d6400
- r7850_firmware
- rs400
- d6220_firmware
- ex7000
- r7900_firmware
- r8500
- wnr3500l
- rs400_firmware
- r7000p_firmware
- rbs750_firmware
- r7000
- d6220
- r7000_firmware
Stack-based Buffer Overflow