Vulnerability Description
The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls themselves are not enabled by default on the routers, the Circle update daemon, circled, is enabled by default. This daemon connects to Circle and NETGEAR to obtain version information and updates to the circled daemon and its filtering database. However, database updates from NETGEAR are unsigned and downloaded via cleartext HTTP. As such, an attacker with the ability to perform a MitM attack on the device can respond to circled update requests with a crafted, compressed database file, the extraction of which gives the attacker the ability to overwrite executable files with attacker-controlled code. This affects R6400v2 1.0.4.106, R6700 1.0.2.16, R6700v3 1.0.4.106, R6900 1.0.2.16, R6900P 1.3.2.134, R7000 1.0.11.123, R7000P 1.3.2.134, R7850 1.0.5.68, R7900 1.0.4.38, R8000 1.0.4.68, and RS400 1.5.0.68.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | R6400V2 Firmware | 1.0.4.106 |
| Netgear | R6400V2 | - |
| Netgear | R6700 Firmware | 1.0.2.16 |
| Netgear | R6700 | - |
| Netgear | R6700V3 Firmware | 1.0.4.106 |
| Netgear | R6700V3 | - |
| Netgear | R6900 Firmware | 1.0.2.16 |
| Netgear | R6900 | - |
| Netgear | R6900P Firmware | 1.3.2.134 |
| Netgear | R6900P | - |
| Netgear | R7000 Firmware | 1.0.11.123 |
| Netgear | R7000 | - |
| Netgear | R7000P Firmware | 1.3.2.134 |
| Netgear | R7000P | - |
| Netgear | R7850 Firmware | 1.0.5.68 |
| Netgear | R7850 | - |
| Netgear | R7900 Firmware | 1.0.4.38 |
| Netgear | R7900 | - |
| Netgear | R8000 Firmware | 1.0.4.68 |
| Netgear | R8000 | - |
Related Weaknesses (CWE)
References
- https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.htmlExploitThird Party Advisory
- https://kb.netgear.com/000064039/Security-Advisory-for-Remote-Code-Execution-on-Vendor Advisory
- https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.htmlExploitThird Party Advisory
- https://kb.netgear.com/000064039/Security-Advisory-for-Remote-Code-Execution-on-Vendor Advisory
FAQ
What is CVE-2021-40847?
CVE-2021-40847 is a vulnerability with a CVSS score of 8.1 (HIGH). The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls the...
How severe is CVE-2021-40847?
CVE-2021-40847 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-40847?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear R6400V2 Firmware, Netgear R6400V2, Netgear R6700 Firmware, Netgear R6700, Netgear R6700V3 Firmware.