CVE-2021-27254

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-27254
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

8.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:A/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 6.5 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders Patch Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-252/ Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND
cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND
cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND
cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND
cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND
cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND
cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND
cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND
cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND
cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*

Configuration 42 (hide)

AND
cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*

Configuration 43 (hide)

AND
cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*
History

25 Apr 2022, 17:48

Type Values Removed Values Added
CWE CWE-259 CWE-798

16 Mar 2021, 19:29

Type Values Removed Values Added
CPE cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : 8.3
v3 : 8.8
References (N/A) https://www.zerodayinitiative.com/advisories/ZDI-21-252/ - (N/A) https://www.zerodayinitiative.com/advisories/ZDI-21-252/ - Third Party Advisory, VDB Entry
References (N/A) https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders - (N/A) https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders - Patch, Vendor Advisory

05 Mar 2021, 21:15

Type Values Removed Values Added
CWE CWE-259
Summary This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.

05 Mar 2021, 20:51

Type Values Removed Values Added
New CVE
Information

Published : 2021-03-05 20:15

Updated : 2023-12-10 13:41

NVD link : CVE-2021-27254

Mitre link : CVE-2021-27254

CVE.ORG link : CVE-2021-27254

JSON object : View

Products Affected

netgear

  • ex6150v2_firmware
  • rbk50
  • rbs40_firmware
  • rbk13_firmware
  • xr500_firmware
  • rbk50_firmware
  • ex6100v2_firmware
  • ex6250
  • lbr20_firmware
  • rbk20_firmware
  • rbk20
  • rbk15_firmware
  • rbr50
  • rbk40_firmware
  • xr700_firmware
  • ex7320_firmware
  • rbr20
  • ex8000_firmware
  • rbk53
  • rbk44_firmware
  • rbs40
  • xr450
  • r8900
  • lbr20
  • xr450_firmware
  • rbk23
  • rbk13
  • rbk15
  • rbk43s_firmware
  • rbs10_firmware
  • ex7300v2_firmware
  • rbk43
  • ex7700
  • ex6400v2_firmware
  • ex7300v2
  • br500_firmware
  • rbr10
  • rbr40_firmware
  • d7800
  • r7800_firmware
  • rbr40
  • ex7300_firmware
  • r9000_firmware
  • rbs50
  • rbk40
  • xr500
  • br200_firmware
  • ex6250_firmware
  • ex7320
  • rbr10_firmware
  • rbk12
  • rbr20_firmware
  • rbk43_firmware
  • ex6410_firmware
  • rbk14
  • rbs20
  • ex6400
  • r8900_firmware
  • ex8000
  • rbs10
  • d7800_firmware
  • rbs50y
  • rbs50y_firmware
  • rbs50_firmware
  • ex6100v2
  • r7800
  • ex6410
  • rbk53_firmware
  • ex6420_firmware
  • ex6400_firmware
  • r9000
  • rbk43s
  • ex6400v2
  • ex6420
  • rbk14_firmware
  • ex6150v2
  • rbk12_firmware
  • ex7700_firmware
  • xr700
  • rbk44
  • br200
  • ex7300
  • rbk23_firmware
  • br500
  • rbr50_firmware
  • rbs20_firmware
CWE
CWE-798

Use of Hard-coded Credentials

CWE-259

Use of Hard-coded Password