CVE-2021-27239 — HIGH (8.8)

Q: How severe is CVE-2021-27239?

CVE-2021-27239 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-27239?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear D6220 Firmware, Netgear D6220, Netgear D6400 Firmware, Netgear D6400, Netgear D7000 Firmware.

Vulnerability Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on UDP port 1900 by default. A crafted MX header field in an SSDP message can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11851.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netgear	D6220 Firmware	< 1.0.0.68
Netgear	D6220	-
Netgear	D6400 Firmware	< 1.0.0.102
Netgear	D6400	-
Netgear	D7000 Firmware	< 1.0.0.66
Netgear	D7000	v2
Netgear	D8500 Firmware	< 1.0.3.60
Netgear	D8500	-
Netgear	Dc112A Firmware	< 1.0.0.54
Netgear	Dc112A	-
Netgear	Ex7000 Firmware	< 1.0.1.94
Netgear	Ex7000	-
Netgear	Ex7500 Firmware	< 1.0.0.72
Netgear	Ex7500	-
Netgear	R6250 Firmware	< 1.0.4.48
Netgear	R6250	-
Netgear	R6300 Firmware	< 1.0.4.50
Netgear	R6300	v2
Netgear	R6400 Firmware	< 1.0.1.68
Netgear	R6400	-

Related Weaknesses (CWE)

CWE-121

References

https://kb.netgear.com/000062820/Security-Advisory-for-Stack-based-Buffer-OverflVendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-206/Third Party AdvisoryVDB Entry
https://kb.netgear.com/000062820/Security-Advisory-for-Stack-based-Buffer-OverflVendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-206/Third Party AdvisoryVDB Entry

FAQ

What is CVE-2021-27239?

CVE-2021-27239 is a vulnerability with a CVSS score of 8.8 (HIGH). This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to...

How severe is CVE-2021-27239?

CVE-2021-27239 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-27239?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear D6220 Firmware, Netgear D6220, Netgear D6400 Firmware, Netgear D6400, Netgear D7000 Firmware.