CVE-2021-27254
NETGEAR Nighthawk R7800 Use of Hard-coded Password Authentication Bypass Vulnerability
Descriptions
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. The issue results from the use of a hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.
Timeline
- 2021-02-16 CVE Reserved
- 2021-02-25 CVE Published
- 2023-10-10 EPSS Updated
- 2024-08-03 CVE Updated
CWE
- CWE-259: Use of Hard-coded Password
- CWE-798: Use of Hard-coded Credentials
References (2)
URL | Tag | Date |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-21-252 | Third Party Advisory | - |
https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders | - | 2022-04-25 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status | Running on (hardware, status) |
---|---|---|---|---|
Netgear | Br200 Firmware | < 5.10.0.5 | Affected | Br200 (Safe) |
Netgear | Br500 Firmware | < 5.10.0.5 | Affected | Br500 (Safe) |
Netgear | D7800 Firmware | < 1.0.1.60 | Affected | D7800 (Safe) |
Netgear | Ex6100v2 Firmware | < 1.0.1.98 | Affected | Ex6100v2 (Safe) |
Netgear | Ex6150v2 Firmware | < 1.0.1.98 | Affected | Ex6150v2 (Safe) |
Netgear | Ex6250 Firmware | < 1.0.0.134 | Affected | Ex6250 (Safe) |
Netgear | Ex6400 Firmware | < 1.0.2.158 | Affected | Ex6400 (Safe) |
Netgear | Ex6400v2 Firmware | < 1.0.0.134 | Affected | Ex6400v2 (Safe) |
Netgear | Ex6410 Firmware | < 1.0.0.134 | Affected | Ex6410 (Safe) |
Netgear | Ex6420 Firmware | < 1.0.0.134 | Affected | Ex6420 (Safe) |
Netgear | Ex7300 Firmware | < 1.0.2.158 | Affected | Ex7300 (Safe) |
Netgear | Ex7300v2 Firmware | < 1.0.0.134 | Affected | Ex7300v2 (Safe) |
Netgear | Ex7320 Firmware | < 1.0.0.134 | Affected | Ex7320 (Safe) |
Netgear | Ex7700 Firmware | < 1.0.0.216 | Affected | Ex7700 (Safe) |
Netgear | Ex8000 Firmware | < 1.0.1.232 | Affected | Ex8000 (Safe) |
Netgear | Lbr20 Firmware | < 2.6.3.50 | Affected | Lbr20 (Safe) |
Netgear | R7800 Firmware | < 1.0.2.80 | Affected | R7800 (Safe) |
Netgear | R8900 Firmware | < 1.0.5.28 | Affected | R8900 (Safe) |
Netgear | R9000 Firmware | < 1.0.5.28 | Affected | R9000 (Safe) |
Netgear | Rbk12 Firmware | < 2.7.2.104 | Affected | Rbk12 (Safe) |
Netgear | Rbk13 Firmware | < 2.7.2.104 | Affected | Rbk13 (Safe) |
Netgear | Rbk14 Firmware | < 2.7.2.104 | Affected | Rbk14 (Safe) |
Netgear | Rbk15 Firmware | < 2.7.2.104 | Affected | Rbk15 (Safe) |
Netgear | Rbk20 Firmware | < 2.6.2.104 | Affected | Rbk20 (Safe) |
Netgear | Rbk23 Firmware | < 2.7.2.104 | Affected | Rbk23 (Safe) |
Netgear | Rbk40 Firmware | < 2.6.2.104 | Affected | Rbk40 (Safe) |
Netgear | Rbk43 Firmware | < 2.6.2.104 | Affected | Rbk43 (Safe) |
Netgear | Rbk43s Firmware | < 2.6.2.104 | Affected | Rbk43s (Safe) |
Netgear | Rbk44 Firmware | < 2.6.2.104 | Affected | Rbk44 (Safe) |
Netgear | Rbk50 Firmware | < 2.7.2.104 | Affected | Rbk50 (Safe) |
Netgear | Rbk53 Firmware | < 2.7.2.104 | Affected | Rbk53 (Safe) |
Netgear | Rbr10 Firmware | < 2.6.2.104 | Affected | Rbr10 (Safe) |
Netgear | Rbr20 Firmware | < 2.6.2.104 | Affected | Rbr20 (Safe) |
Netgear | Rbr40 Firmware | < 2.6.2.104 | Affected | Rbr40 (Safe) |
Netgear | Rbr50 Firmware | < 2.7.2.104 | Affected | Rbr50 (Safe) |
Netgear | Rbs10 Firmware | < 2.6.2.104 | Affected | Rbs10 (Safe) |
Netgear | Rbs20 Firmware | < 2.6.2.104 | Affected | Rbs20 (Safe) |
Netgear | Rbs40 Firmware | < 2.6.2.104 | Affected | Rbs40 (Safe) |
Netgear | Rbs50 Firmware | < 2.7.2.104 | Affected | Rbs50 (Safe) |
Netgear | Rbs50y Firmware | < 2.6.2.104 | Affected | Rbs50y (Safe) |
Netgear | Xr450 Firmware | < 2.3.2.114 | Affected | Xr450 (Safe) |
Netgear | Xr500 Firmware | < 2.3.2.114 | Affected | Xr500 (Safe) |
Netgear | Xr700 Firmware | < 1.0.1.38 | Affected | Xr700 (Safe) |