CVE-2021-27254 – NETGEAR Nighthawk R7800 Use of Hard-coded Password Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-27254
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. • https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders https://www.zerodayinitiative.com/advisories/ZDI-21-252 • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials •
CVE-2021-27252 – NETGEAR R7800 udchpd DHCP_REQUEST Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27252
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. • https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders https://www.zerodayinitiative.com/advisories/ZDI-21-248 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-27251 – NETGEAR Nighthawk R7800 ready-genie-cloud Insecure Download of Critical Component Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27251
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308. • https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders https://www.zerodayinitiative.com/advisories/ZDI-21-247 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2021-27253 – NETGEAR Nighthawk R7800 Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27253
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. • https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders https://www.zerodayinitiative.com/advisories/ZDI-21-249 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2020-35786
https://notcve.org/view.php?id=CVE-2020-35786
NETGEAR R7800 devices before 1.0.2.74 are affected by a buffer overflow by an authenticated user. Los dispositivos NETGEAR R7800 versiones anteriores a 1.0.2.74 están afectados por un desbordamiento del búfer por parte de un usuario autenticado. • https://kb.netgear.com/000062718/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-R7800-PSV-2020-0218 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •