Vulnerability Description
NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a \n before the Content-Length header.
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | R7000 Firmware | <= 1.0.11.116 |
| Netgear | R7000 | - |
Related Weaknesses (CWE)
References
- https://ssd-disclosure.com/ssd-advisory-netgear-nighthawk-r7000-httpd-preauth-rc (Exploit, Third Party Advisory)
- https://www.netgear.com/about/security/ (Vendor Advisory)
FAQ
What is CVE-2021-31802?
CVE-2021-31802 is a vulnerability with a CVSS score of 8.8 (HIGH). NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. A...
How severe is CVE-2021-31802?
CVE-2021-31802 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-31802?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear R7000 Firmware, Netgear R7000.