Link | Resource |
---|---|
https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders | Patch Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-21-262/ | Third Party Advisory VDB Entry |
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
AND |
|
Configuration 16 (hide)
AND |
|
Configuration 17 (hide)
AND |
|
Configuration 18 (hide)
AND |
|
Configuration 19 (hide)
AND |
|
Configuration 20 (hide)
AND |
|
Configuration 21 (hide)
AND |
|
Configuration 22 (hide)
AND |
|
Configuration 23 (hide)
AND |
|
Configuration 24 (hide)
AND |
|
Configuration 25 (hide)
AND |
|
Configuration 26 (hide)
AND |
|
Configuration 27 (hide)
AND |
|
Configuration 28 (hide)
AND |
|
Configuration 29 (hide)
AND |
|
Configuration 30 (hide)
AND |
|
Configuration 31 (hide)
AND |
|
Configuration 32 (hide)
AND |
|
Configuration 33 (hide)
AND |
|
Configuration 34 (hide)
AND |
|
Configuration 35 (hide)
AND |
|
Configuration 36 (hide)
AND |
|
Configuration 37 (hide)
AND |
|
Configuration 38 (hide)
AND |
|
Configuration 39 (hide)
AND |
|
Configuration 40 (hide)
AND |
|
Configuration 41 (hide)
AND |
|
Configuration 42 (hide)
AND |
|
Configuration 43 (hide)
AND |
|
16 Mar 2021, 19:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 8.3
v3 : 8.8 |
CPE | cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:* |
|
References | (N/A) https://www.zerodayinitiative.com/advisories/ZDI-21-262/ - Third Party Advisory, VDB Entry | |
References | (N/A) https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders - Patch, Vendor Advisory |
05 Mar 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355. |
05 Mar 2021, 20:50
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Published : 2021-03-05 20:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-27256
Mitre link : CVE-2021-27256
CVE.ORG link : CVE-2021-27256
JSON object : View
netgear
- rbk15
- rbs50_firmware
- ex8000_firmware
- rbk12
- rbr40_firmware
- r7800_firmware
- ex7320
- ex7300
- rbs20
- rbr20_firmware
- xr700_firmware
- rbs40
- br200
- rbk43s
- rbr10_firmware
- rbs20_firmware
- rbk14
- rbk43s_firmware
- rbk43_firmware
- rbk20
- br500
- rbs10
- ex6410_firmware
- rbk43
- br200_firmware
- ex6420_firmware
- ex6150v2
- rbk40_firmware
- ex6400_firmware
- xr450
- rbk40
- xr450_firmware
- ex6250_firmware
- rbs10_firmware
- r9000_firmware
- rbk23
- ex6420
- ex7700_firmware
- rbk23_firmware
- rbs50y_firmware
- br500_firmware
- ex6400v2_firmware
- ex6400v2
- r7800
- ex6100v2
- ex7300v2
- ex8000
- xr500
- rbs50y
- lbr20_firmware
- rbk13_firmware
- ex7300_firmware
- rbk14_firmware
- ex6410
- rbk20_firmware
- rbk50_firmware
- rbr20
- rbs40_firmware
- rbr50
- d7800_firmware
- ex6100v2_firmware
- rbk53_firmware
- r8900_firmware
- rbk12_firmware
- rbk44
- ex6250
- lbr20
- rbk53
- xr500_firmware
- ex6150v2_firmware
- ex7700
- ex7300v2_firmware
- r9000
- rbk15_firmware
- ex6400
- rbk13
- d7800
- rbr10
- xr700
- rbs50
- rbk44_firmware
- rbr40
- r8900
- rbk50
- rbr50_firmware
- ex7320_firmware
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')