Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
739
VMScore

CVE-2021-27252

Published: 14/04/2021 Updated: 27/04/2021
CVSS v2 Base Score: 8.3 | Impact Score: 10 | Exploitability Score: 6.5
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 739
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

This vulnerability allows network-adjacent malicious users to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

netgear br200 firmware

netgear br500 firmware

netgear d7800 firmware

netgear ex6100v2 firmware

netgear ex6150 firmware

netgear ex6250 firmware

netgear ex6400 firmware

netgear ex6400v2 firmware

netgear ex6410 firmware

netgear ex6420 firmware

netgear ex7300 firmware

netgear ex7300v2 firmware

netgear ex7320 firmware

netgear ex7700 firmware

netgear ex8000 firmware

netgear lbr20 firmware

netgear r7800 firmware

netgear r8900 firmware

netgear r9000 firmware

netgear rbk12 firmware

netgear rbk13 firmware

netgear rbk14 firmware

netgear rbk15 firmware

netgear rbk20 firmware

netgear rbk23 firmware

netgear rbk40 firmware

netgear rbk43 firmware

netgear rbk43s firmware

netgear rbk44 firmware

netgear rbk50 firmware

netgear rbk53 firmware

netgear rbr10 firmware

netgear rbr20 firmware

netgear rbr40 firmware

netgear rbr50 firmware

netgear rbs10 firmware

netgear rbs20 firmware

netgear rbs40 firmware

netgear rbs50 firmware

netgear rbs50y firmware

netgear xr450 firmware

netgear xr500 firmware

netgear xr700 firmware

References

CWE-78https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extendershttps://www.zerodayinitiative.com/advisories/ZDI-21-248/https://nvd.nist.govhttps://www.zerodayinitiative.com/advisories/ZDI-21-248/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103CVE-2024-36279CVE-2024-38457elevation of privilegeCVE-2024-27801CVE-2024-30103NULL pointer dereferenceCVE-2024-6057XML injection
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook