Vulnerability-Lookup - Search a vulnerability

Vulnerability from fkie_nvd

Published

2021-03-05 20:15

Modified

2024-11-21 05:57

Severity ?

8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.

References

URL	Tags
zdi-disclosures@trendmicro.com	https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders	Patch, Vendor Advisory
zdi-disclosures@trendmicro.com	https://www.zerodayinitiative.com/advisories/ZDI-21-252/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-252/	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
netgear	br200_firmware	*
netgear	br200	-
netgear	br500_firmware	*
netgear	br500	-
netgear	d7800_firmware	*
netgear	d7800	-
netgear	ex6100v2_firmware	*
netgear	ex6100v2	-
netgear	ex6150v2_firmware	*
netgear	ex6150v2	-
netgear	ex6250_firmware	*
netgear	ex6250	-
netgear	ex6400_firmware	*
netgear	ex6400	-
netgear	ex6400v2_firmware	*
netgear	ex6400v2	-
netgear	ex6410_firmware	*
netgear	ex6410	-
netgear	ex6420_firmware	*
netgear	ex6420	-
netgear	ex7300_firmware	*
netgear	ex7300	-
netgear	ex7300v2_firmware	*
netgear	ex7300v2	-
netgear	ex7320_firmware	*
netgear	ex7320	-
netgear	ex7700_firmware	*
netgear	ex7700	-
netgear	ex8000_firmware	*
netgear	ex8000	-
netgear	lbr20_firmware	*
netgear	lbr20	-
netgear	r7800_firmware	*
netgear	r7800	-
netgear	r8900_firmware	*
netgear	r8900	-
netgear	r9000_firmware	*
netgear	r9000	-
netgear	rbk12_firmware	*
netgear	rbk12	-
netgear	rbk13_firmware	*
netgear	rbk13	-
netgear	rbk14_firmware	*
netgear	rbk14	-
netgear	rbk15_firmware	*
netgear	rbk15	-
netgear	rbk20_firmware	*
netgear	rbk20	-
netgear	rbk23_firmware	*
netgear	rbk23	-
netgear	rbk40_firmware	*
netgear	rbk40	-
netgear	rbk43_firmware	*
netgear	rbk43	-
netgear	rbk43s_firmware	*
netgear	rbk43s	-
netgear	rbk44_firmware	*
netgear	rbk44	-
netgear	rbk50_firmware	*
netgear	rbk50	-
netgear	rbk53_firmware	*
netgear	rbk53	-
netgear	rbr10_firmware	*
netgear	rbr10	-
netgear	rbr20_firmware	*
netgear	rbr20	-
netgear	rbr40_firmware	*
netgear	rbr40	-
netgear	rbr50_firmware	*
netgear	rbr50	-
netgear	rbs10_firmware	*
netgear	rbs10	-
netgear	rbs20_firmware	*
netgear	rbs20	-
netgear	rbs40_firmware	*
netgear	rbs40	-
netgear	rbs50_firmware	*
netgear	rbs50	-
netgear	rbs50y_firmware	*
netgear	rbs50y	-
netgear	xr450_firmware	*
netgear	xr450	-
netgear	xr500_firmware	*
netgear	xr500	-
netgear	xr700_firmware	*
netgear	xr700	-

▼	URL	Tags
	cve@mitre.org	https://kb.netgear.com/000064492/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0435	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://kb.netgear.com/000064492/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0435	Vendor Advisory

URL	Tags
cve@mitre.org	https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/	Third Party Advisory
cve@mitre.org	https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171	Patch, Vendor Advisory

URL	Tags
zdi-disclosures@trendmicro.com	https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324	Vendor Advisory
zdi-disclosures@trendmicro.com	https://www.zerodayinitiative.com/advisories/ZDI-22-520/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-22-520/	Third Party Advisory, VDB Entry

Vendor	Product	Version
netgear	r6400_firmware	*
netgear	r6400	v2
netgear	r6700_firmware	*
netgear	r6700	v3
netgear	r6900p_firmware	*
netgear	r6900p	-
netgear	r7000_firmware	*
netgear	r7000	-
netgear	r7000p_firmware	*
netgear	r7000p	-
netgear	r7850_firmware	*
netgear	r7850	-
netgear	r7960p_firmware	*
netgear	r7960p	-
netgear	r8000_firmware	*
netgear	r8000	-
netgear	r8000p_firmware	*
netgear	r8000p	-
netgear	rax200_firmware	*
netgear	rax200	-
netgear	rax75_firmware	*
netgear	rax75	-
netgear	rax80_firmware	*
netgear	rax80	-
netgear	rs400_firmware	*
netgear	rs400	-
netgear	cbr40_firmware	*
netgear	cbr40	-
netgear	lbr1020_firmware	*
netgear	lbr1020	-
netgear	lbr20_firmware	*
netgear	lbr20	-
netgear	rbr10_firmware	*
netgear	rbr10	-
netgear	rbr20_firmware	*
netgear	rbr20	-
netgear	rbr40_firmware	*
netgear	rbr40	-
netgear	rbr50_firmware	*
netgear	rbr50	-
netgear	rbs10_firmware	*
netgear	rbs10	-
netgear	rbs20_firmware	*
netgear	rbs20	-
netgear	rbs40_firmware	*
netgear	rbs40	-
netgear	rbs50_firmware	*
netgear	rbs50	-

▼	URL	Tags
	cve@mitre.org	https://kb.netgear.com/000064495/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0462	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://kb.netgear.com/000064495/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0462	Vendor Advisory

▼	URL	Tags
	cve@mitre.org	https://kb.netgear.com/000064490/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0422	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://kb.netgear.com/000064490/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0422	Vendor Advisory

▼	URL	Tags
	cve@mitre.org	https://kb.netgear.com/000064494/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0453	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://kb.netgear.com/000064494/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0453	Patch, Vendor Advisory

▼	URL	Tags
	cve@mitre.org	https://kb.netgear.com/000064491/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0427	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://kb.netgear.com/000064491/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0427	Patch, Vendor Advisory

▼	URL	Tags
	https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-21-262/	x_refsource_MISC

Vulnerabilites related to netgear - lbr20

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from variot

Vulnerability from variot

Vulnerability from variot

Vulnerability from variot

Vulnerability from variot

Vulnerability from variot

Vulnerability from variot

Vulnerability from variot

Vulnerability from variot

Vulnerability from variot

Vulnerability from variot

Vulnerability from variot

Vulnerability from variot

Vulnerability from variot

Vulnerability from variot

Vulnerability from variot