HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2021-34865

CVSS 8.8v3.1pub. 2022-01-25upd. 2024-11-21

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313.

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netgear Ac2100

    HW
    Netgear
    wszystkie wersje
  • Netgear Ac2100 Firmware

    OS
    Netgear
    < 1.2.0.88
  • Netgear Ac2400

    HW
    Netgear
    wszystkie wersje
  • Netgear Ac2400 Firmware

    OS
    Netgear
    < 1.2.0.88
  • Netgear Ac2600

    HW
    Netgear
    wszystkie wersje
  • Netgear Ac2600 Firmware

    OS
    Netgear
    < 1.2.0.88
  • Netgear D7000v1

    HW
    Netgear
    wszystkie wersje
  • Netgear D7000v1 Firmware

    OS
    Netgear
    < 1.0.1.80
  • Netgear R6220

    HW
    Netgear
    wszystkie wersje
  • Netgear R6220 Firmware

    OS
    Netgear
    < 1.1.0.110
  • Netgear R6230

    HW
    Netgear
    wszystkie wersje
  • Netgear R6230 Firmware

    OS
    Netgear
    < 1.1.0.110
  • Netgear R6260

    HW
    Netgear
    wszystkie wersje
  • Netgear R6260 Firmware

    OS
    Netgear
    < 1.1.0.84
  • Netgear R6330

    HW
    Netgear
    wszystkie wersje
  • Netgear R6330 Firmware

    OS
    Netgear
    < 1.1.0.84
  • Netgear R6350

    HW
    Netgear
    wszystkie wersje
  • Netgear R6350 Firmware

    OS
    Netgear
    < 1.1.0.84
  • Netgear R6700v2

    HW
    Netgear
    wszystkie wersje
  • Netgear R6700v2 Firmware

    OS
    Netgear
    < 1.2.0.88
  • Netgear R6800

    HW
    Netgear
    wszystkie wersje
  • Netgear R6800 Firmware

    OS
    Netgear
    < 1.2.0.88
  • Netgear R6850

    HW
    Netgear
    wszystkie wersje
  • Netgear R6850 Firmware

    OS
    Netgear
    < 1.1.0.84
  • Netgear R6900v2

    HW
    Netgear
    wszystkie wersje
  • Netgear R6900v2 Firmware

    OS
    Netgear
    < 1.2.0.88
  • Netgear R7200

    HW
    Netgear
    wszystkie wersje
  • Netgear R7200 Firmware

    OS
    Netgear
    < 1.2.0.88
  • Netgear R7350

    HW
    Netgear
    wszystkie wersje
  • Netgear R7350 Firmware

    OS
    Netgear
    < 1.2.0.88
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEAuth BypassLPE
CWE
References

Related vulnerabilities

CVE-2016-10174CRITICAL9.8⚠ KEVten sam produkt

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL...

CVE-2024-30568CRITICAL9.8PL ✓ten sam produkt

Command injection w Netgear R6850 poprzez parametr c4-IPAddr

CVE-2021-45501CRITICAL9.4ten sam produkt

Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 bef...

CVE-2021-38516CRITICAL10.0ten sam produkt

Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 befor...

CVE-2021-29068CRITICAL9.9ten sam produkt

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 befor...