cve-2021-27254
Vulnerability from cvelistv5
Published
2021-03-05 20:00
Modified
2024-08-03 20:48
Severity ?
6.3 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.
References
zdi-disclosures@trendmicro.comhttps://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-ExtendersPatch, Vendor Advisory
zdi-disclosures@trendmicro.comhttps://www.zerodayinitiative.com/advisories/ZDI-21-252/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-ExtendersPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zerodayinitiative.com/advisories/ZDI-21-252/Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
NETGEAR R7800 Version: firmware version 1.0.2.76
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:48:15.867Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-252/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "R7800",
          "vendor": "NETGEAR",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 1.0.2.76"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "84c0"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "CWE-259: Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-05T20:00:23",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-252/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "zdi-disclosures@trendmicro.com",
          "ID": "CVE-2021-27254",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "R7800",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware version 1.0.2.76"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "NETGEAR"
              }
            ]
          }
        },
        "credit": "84c0",
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287."
            }
          ]
        },
        "impact": {
          "cvss": {
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-259: Use of Hard-coded Password"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-252/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-252/"
            },
            {
              "name": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders",
              "refsource": "MISC",
              "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2021-27254",
    "datePublished": "2021-03-05T20:00:23",
    "dateReserved": "2021-02-16T00:00:00",
    "dateUpdated": "2024-08-03T20:48:15.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-27254\",\"sourceIdentifier\":\"zdi-disclosures@trendmicro.com\",\"published\":\"2021-03-05T20:15:12.317\",\"lastModified\":\"2024-11-21T05:57:41.790\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.\"},{\"lang\":\"es\",\"value\":\"Esta vulnerabilidad permite a atacantes adyacentes a la red omitir una autenticaci\u00f3n en instalaciones afectadas de NETGEAR R7800.\u0026#xa0;No es requerida una autenticaci\u00f3n para explotar esta vulnerabilidad.\u0026#xa0;El fallo espec\u00edfico se presenta dentro del endpoint apply_save.cgi.\u0026#xa0;Este problema resulta del uso de una clave de cifrado embebida.\u0026#xa0;Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el contexto de root.\u0026#xa0;Era ZDI-CAN-12287\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":8.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":6.5,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-259\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.10.0.5\",\"matchCriteriaId\":\"9680E98E-021B-4C71-AAA0-AEF49C6AD95F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CED01605-09B9-417E-AE6F-1F62888A0C93\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.10.0.5\",\"matchCriteriaId\":\"89EDAF30-2238-495C-920F-F32CC17C046B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"261C0D85-C951-4F0C-B9C4-0E42B15834EE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.1.60\",\"matchCriteriaId\":\"6CBD5FC4-2EF7-49A9-8F23-C9398441E7BD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA2D4987-3726-4A72-8D32-592F59FAC46D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.1.98\",\"matchCriteriaId\":\"53C5C134-0778-4098-B8B4-F9589516C297\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DCFF79A-8ACE-455B-90F3-FFC745E8BAD4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.1.98\",\"matchCriteriaId\":\"597D1ED8-FE6A-4325-83AB-5CA544CFA1AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5828F04B-E373-4E4F-942D-08CCA038418C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.0.134\",\"matchCriteriaId\":\"F0F8C423-2E5C-4A50-AF7B-AC67C3771DD3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7694D0C-2CC6-4A6E-A251-5CBFC67D2AA9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.2.158\",\"matchCriteriaId\":\"9A60E332-CA18-4617-B7C1-4BE82470DE34\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1289BBB4-1955-46A4-B5FE-BF11153C24F5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.0.134\",\"matchCriteriaId\":\"208CF907-B3ED-4A7D-BA5B-16A00F44683D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5882095F-B22A-4937-BA08-6640140F10AE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.0.134\",\"matchCriteriaId\":\"74ED019D-C07A-44BE-BD3E-30885C748DDA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C63267D8-4632-4D14-B39C-BEEC62AD8F87\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.0.134\",\"matchCriteriaId\":\"34EB68F4-B710-47C9-A01B-A6361B185A19\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B2C00E1-4A23-4304-B92F-B7D9F4818D90\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.2.158\",\"matchCriteriaId\":\"374F6EAA-A607-4A8F-BA86-EA770BA99189\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F285D60D-A5DA-4467-8F79-15EF8135D007\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.0.134\",\"matchCriteriaId\":\"E02DD6E2-3A3E-4857-9761-1B40FFA4E755\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A88D2A3-3B22-4639-94E9-69CE80F37392\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.0.134\",\"matchCriteriaId\":\"E53DAB63-389B-4B73-8F75-231320DC71C8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1D4DF51-84EA-4296-9E06-CE5E1F4A53D1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.0.216\",\"matchCriteriaId\":\"D8DC1B77-994C-473C-AC97-7CC06341C607\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D140E3B-9AE5-473A-82DE-9B9DBAE4C34A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.1.232\",\"matchCriteriaId\":\"B4F00B47-FFC8-4D45-B49E-8347504A9A4C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D9781C9-799A-4BDA-A027-987627A01633\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.3.50\",\"matchCriteriaId\":\"37C80013-2E0F-459F-BE08-18D60B109AC0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"863E45EA-2DA0-4C9A-9B87-79E42B3FF97C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.2.80\",\"matchCriteriaId\":\"3A43D307-64B1-46BF-8237-75518D1703CC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17CF7445-6950-45FE-9D1A-E23F63316329\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.5.28\",\"matchCriteriaId\":\"01F57C27-EB5A-4F3E-ADF7-684DF8860DA2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F859165-8D89-4CDD-9D48-9C7923D2261F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.5.28\",\"matchCriteriaId\":\"8F67B805-17B5-4053-8399-0AFB2EF6E1D4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.2.104\",\"matchCriteriaId\":\"2135FFEC-0437-43C6-B146-3EF43E1B007B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5465A78-4826-4F72-9CBE-528CBF286A79\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.2.104\",\"matchCriteriaId\":\"5A413E57-A780-486E-AF85-EE460C99D696\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"783EEEE0-BB9A-4C54-82B2-046B1033091C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.2.104\",\"matchCriteriaId\":\"0E9B0ED1-3D84-44A6-BA37-E5F8D0EBCB10\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CD91050-5FE0-4810-8E6F-EF9B9B2F02E9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.2.104\",\"matchCriteriaId\":\"E19C965E-FA8D-4B42-BCB1-23788621DF45\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B801EC38-5B86-49F2-AB81-63F0F07A9BBE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"DAA4BD93-AE89-4506-936F-26C605685193\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6C9F31C-3E12-4787-9C9B-14883D9D152A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.2.104\",\"matchCriteriaId\":\"33146BAB-5A18-4A1F-BDD8-3BB33200CDB2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17D7D346-6F52-4473-A4EA-6059C177BF0F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"85AD5F45-F940-4FB5-B4D4-E44D816A3449\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"564B0FDF-7159-42EA-9CAA-BEF791274915\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC2B9C48-9FE6-462B-88EE-046F15E66430\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"998C6A17-5ADC-47F1-AF63-9B425143C086\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5604E66-E9CC-4B78-AF6A-2341B30E3594\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"252643DB-46F7-41E9-96E0-0669DD486E5F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1924FC8B-4031-4EA3-B214-AF6F77D94654\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.2.104\",\"matchCriteriaId\":\"1FBFA62B-2EBC-426A-98DC-235879902E72\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BA66D07-D017-49D6-8E72-5C48E940DE1B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.2.104\",\"matchCriteriaId\":\"66034CFD-1303-4B90-AF70-18B7EDBEFE32\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF03B2BB-34BB-4A0D-81CD-1841E524F885\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"237758B3-C096-465F-95C4-EB3F9835D91F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DADAA79-9A5C-4B6F-A58D-704ACD1C3334\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"217B0E6E-BCC9-4D12-ADD4-E2C65323018B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE5DBD66-9C2A-4EFF-87AB-03E791D584B5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"C8E13FC6-D0BF-4674-8A3B-FF5D81B15059\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9E20E59-2B1E-4E43-A494-2C20FD716D4F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.2.104\",\"matchCriteriaId\":\"82504AE8-4D6F-4A49-A611-FBFB303CD237\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2CAEA32-6934-4743-9E6B-22D52AC5E7F8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"41B066B3-37CD-4839-909B-A8EC636E5F11\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32BAB5C0-F645-4A90-833F-6345335FA1AF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"9CED8944-D61A-4FDA-A9DB-76CBED16F338\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"BDAE8049-9102-4B4A-A2CF-B6A2F638B4E3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FDCDE39-0355-43B9-BF57-F3718DA2988D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.2.104\",\"matchCriteriaId\":\"0484BCA5-6DD3-43B9-BB83-24B6BF99C4AA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BCFD959-D522-4FA0-AD01-2937DAEE1EDF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"56489CFF-D34F-4C66-B69B-FB2CE4333D75\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27F93A76-6EFF-4DA6-9129-4792E2C125D4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.3.2.114\",\"matchCriteriaId\":\"FF01111F-8A37-4366-A63E-210E6CE0DB0E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66B9CE4D-D1EC-4F55-8226-D159CF5F3AB6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.3.2.114\",\"matchCriteriaId\":\"4476F0C6-0A7D-4735-940C-F5C75316EEE9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.1.38\",\"matchCriteriaId\":\"1D92A0CE-769D-402F-8FD7-BDD8DF247CFD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E12892C8-5E01-49A6-BF47-09D630377093\"}]}]}],\"references\":[{\"url\":\"https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-252/\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-252/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.