CVE-2021-27253 – NETGEAR Nighthawk R7800 Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27253
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. • https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders https://www.zerodayinitiative.com/advisories/ZDI-21-249 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2020-35800
https://notcve.org/view.php?id=CVE-2020-35800
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D7800 before 1.0.3.48, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, DM200 before 1.0.0.66, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX2700 before 1.0.1.58, EX3110 before 1.0.1.68, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100v2 before 1.0.1.94, EX6110 before 1.0.1.68, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150v1 before 1.0.0.46, EX6150v2 before 1.0.1.94, EX6200v1 before 1.0.3.94, EX6250 before 1.0.0.128, EX6400 before 1.0.2.152, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7300 before 1.0.2.152, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, EX7500 before 1.0.0.68, EX7700 before 1.0.0.210, EX8000 before 1.0.1.224, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.42, R6260 before 1.1.0.76, R6300v2 before 1.0.4.42, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400v1 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v1 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900 before 1.0.2.16, R6900P before 1.3.2.124, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7500v2 before 1.0.3.48, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.5.24, RAX35 before 1.0.3.80, RAX40 before 1.0.3.80, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.38, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.5.1.6, RBS40V-200 before 1.0.0.46, RBS50Y before 2.6.1.40, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3000RPv3 before 1.0.2.86, WN3500RPv1 before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34. Determinados dispositivos NETGEAR están afectados por una configuración incorrecta de los ajustes de seguridad. Esto afecta a AC2100 versiones < 1.2.0.72, AC2400 versiones < 1.2.0.72, AC2600 versiones < 1.2.0.72, CBK40 versiones < 2.5.0.10, CBR40 versiones < 2.5.0.10, D6000 versiones < 1.0.0.80, D6220 versiones < 1.0.0.60, D6400 versiones < 1.0.0.94, D7000v2 versiones < 1.0.0.62, D7800 versiones < 1.0.3.48, D8500 versiones < 1.0.3.50, DC112A versiones < 1.0.0.48, DGN2200v4 versiones < 1.0.0.114, DM200 versiones < 1.0.0.66, EAX20 versiones < 1.0.0.36, EAX80 versiones < 1.0.1.62, EX2700 versiones < 1.0.1.58, EX3110 versiones < 1.0.1.68, EX3700 versiones < 1.0.0.84, EX3800 versiones < 1.0.0.84, EX3920 versiones < 1.0.0.84, EX6000 versiones < 1.0.0.44, EX6100v2 versiones < 1.0.1.94, EX6110 versiones < 1.0.1.68, EX6120 versiones < 1.0. 0.54, EX6130 versiones < 1.0.0.36, EX6150v1 versiones < 1.0.0.46, EX6150v2 versiones < 1.0.1.94, EX6200v1 versiones < 1.0.3.94, EX6250 versiones < 1.0.0.128, EX6400 versiones < 1.0.2.152, EX6400v2 versiones < 1.0.0.128, EX6410 versiones < 1.0.0.128, EX6920 versiones < 1.0.0.54, EX7000 versiones < 1.0.1.90, EX7300 versiones < 1.0.2.152, EX7300v2 versiones < 1.0.0.128, EX7320 versiones < 1.0.0.128, EX7500 versiones < 1.0.0.68, EX7700 versiones < 1.0.0.210, EX8000 antes e 1.0.1.224, MK62 versiones < 1.0.5.102, MR60 versiones < 1.0.5.102, MS60 versiones < 1.0.5.102, R6120 versiones < 1.0.0.70, R6220 versiones < 1.1.0.100, R6230 versiones < 1.1.0.100, R6250 versiones < 1.0.4.42, R6260 versiones < 1.1 .0.76, R6300v2 versiones < 1.0.4.42, R6330 versiones < 1.1.0.76, R6350 versiones < 1.1.0.76, R6400v1 versiones < 1.0.1.62, R6400v2 versiones < 1.0.4.98, R6700v1 versiones < 1.0.2.16, R6700v2 versiones < 1.2.0.72, R6700v3 versiones < 1.0.4.98, R6800 versiones < 1.2.0.72, R6800 antes 1.2.0.72, R6850 versiones < 1.1.0.76, R6900 versiones < 1.0.2.16, R6900P versiones < 1.3.2.124, R6900v2 versiones < 1.2.0.72, R7000 versiones < 1.0.11.106, R7000P versiones < 1.3.2.124, R7100LG versiones < 1.0.0.56, R7200 versiones < 1.2. 0.72, R7350 versiones < 1.2.0.72, R7400 versiones < 1.2.0.72, R7450 versiones < 1.2.0.72, R7500v2 versiones < 1.0.3.48, R7800 versiones < 1.0.2.74, R7850 versiones < 1.0.5.60, R7900 versiones < 1.0.4.26, R7900P versiones < 1.4.1.62, R7960P versiones < 1.4.1.62, R8000 versiones < 1.0.4.58, R8000P versiones < 1.4.1.62, R8300 versiones < 1.0.2.134, R8500 versiones < 1.0.2.134, R8900 versiones < 1.0.5.24, R9000 versiones < 1.0.5.24, RAX120 versiones < 1.0.1.136, RAX15 versiones < 1.0.1.64, RAX20 versiones < 1.0.1.64, RAX200 versiones < 1.0.5.24, RAX35 versiones < 1.0.3.80, RAX40 versiones < 1.0.3.80, RAX45 versiones < 1.0.2.64, RAX50 versiones < 1.0.2.64, RAX75 versiones < 1.0.3.102, RAX80 versiones < 1.0. 3.102, RB K12 versiones < 2.6.1.44, RBR10 versiones < 2.6.1.44, RBS10 versiones < 2.6.1.44, RBK20 versiones < 2.6.1.38, RBR20 versiones < 2.6.1.36, RBS20 versiones < 2.6.1.38, RBK40 versiones < 2.6.1.38, RBR40 versiones < 2.6.1.38, RBS40 antes 2.6.1.38, RBK50 versiones < 2.6.1.40, RBR50 versiones < 2.6.1.40, RBS50 versiones < 2.6.1.40, RBK752 versiones < 3.2.16.6, RBR750 versiones < 3.2.16.6, RBS750 versiones < 3.2.16.6, RBK842 versiones < 3.2.16.6, RBR840 versiones < 3.2. 16.6, RBS840 versiones < 3.2.16.6, RBK852 versiones < 3.2.16.6, RBR850 versiones < 3.2.16.6, RBS850 versiones < 3.2.16.6, RBS40V versiones < 2.5.1.6, RBS40V-200 versiones < 1.0.0.46, RBS50Y versiones < 2.6.1.40, RBW30 versiones < 2.5. 0.4, RS400 versiones < 1.5.0.48, WN2500RPv2 versiones < 1.0.1.56, WN3000RPv3 versiones < 1.0.2.86, WN3500RPv1 versiones < 1.0.0.28, WNDR3400v3 versiones < 1.0.1.32, WNR1000v3 versiones < 1.0.2.78, WNR2000v2 versiones < 1.2.0.12, XR30 • https://kb.netgear.com/000062733/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0112 •
CVE-2020-11549
https://notcve.org/view.php?id=CVE-2020-11549
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The root account has the same password as the Web-admin component. Thus, by exploiting CVE-2020-11551, it is possible to achieve remote code execution with root privileges on the embedded Linux system. Se detectó un problema en NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 versión V2.5.1.106, Outdoor Satellite (RBS50Y) versión V2.5.1.106, y Pro Tri-Band Business WiFi Router (SRR60) AC3000 versión V2.5.1.106. La cuenta root presenta la misma contraseña que el componente Web-admin. • https://github.com/modzero/MZ-20-02-NETGEAR-Orbi-Security https://www.modzero.com/advisories/MZ-20-02-Netgear-Orbi-Pro-Security.txt https://www.modzero.com/modlog/archives/2020/05/18/how_netgear_meshed_up_wifi_for_business/index.html • CWE-798: Use of Hard-coded Credentials •
CVE-2020-11550
https://notcve.org/view.php?id=CVE-2020-11550
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitrary Wi-Fi information, such as SSIDs and Pre-Shared-Keys (PSK). Se detectó un problema en NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 versión V2.5.1.106, Outdoor Satellite (RBS50Y) versión V2.5.1.106, y Pro Tri-Band Business WiFi Router (SRR60) AC3000 versión V2.5.1.106. La interfaz administrativa SOAP, permite un filtrado remoto no autenticado de información de Wi-Fi confidencial/arbitraria, tales como SSID y Pre-Shared-Keys (PSK). • https://github.com/modzero/MZ-20-02-NETGEAR-Orbi-Security https://www.modzero.com/advisories/MZ-20-02-Netgear-Orbi-Pro-Security.txt https://www.modzero.com/modlog/archives/2020/05/18/how_netgear_meshed_up_wifi_for_business/index.html •
CVE-2020-11551
https://notcve.org/view.php?id=CVE-2020-11551
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi configuration data such as authentication details (e.g., the Web-admin password), network settings, DNS settings, system administration interface configuration, etc. Se ha detectado un problema en NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 versión V2.5.1.106, Outdoor Satellite (RBS50Y) versión V2.5.1.106, y Pro Tri-Band Business WiFi Router (SRR60) AC3000 versión V2.5.1.106. La interfaz administrativa SOAP, permite una escritura remota no autenticada de datos de configuración Wi-Fi arbitrarios, tales como detalles de autenticación (por ejemplo, la contraseña de Web-admin), ajustes de red, ajustes de DNS, configuración de la interfaz de administración del sistema, etc. • https://github.com/modzero/MZ-20-02-NETGEAR-Orbi-Security https://www.modzero.com/advisories/MZ-20-02-Netgear-Orbi-Pro-Security.txt https://www.modzero.com/modlog/archives/2020/05/18/how_netgear_meshed_up_wifi_for_business/index.html • CWE-287: Improper Authentication CWE-330: Use of Insufficiently Random Values •