This vulnerability allows network-adjacent malicious users to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
netgear br200 firmware |
||
netgear br500 firmware |
||
netgear d7800 firmware |
||
netgear ex6100v2 firmware |
||
netgear ex6150v2 firmware |
||
netgear ex6250 firmware |
||
netgear ex6400 firmware |
||
netgear ex6400v2 firmware |
||
netgear ex6410 firmware |
||
netgear ex6420 firmware |
||
netgear ex7300 firmware |
||
netgear ex7300v2 firmware |
||
netgear ex7320 firmware |
||
netgear ex7700 firmware |
||
netgear ex8000 firmware |
||
netgear lbr20 firmware |
||
netgear r7800 firmware |
||
netgear r8900 firmware |
||
netgear r9000 firmware |
||
netgear rbk12 firmware |
||
netgear rbk13 firmware |
||
netgear rbk14 firmware |
||
netgear rbk15 firmware |
||
netgear rbk20 firmware |
||
netgear rbk23 firmware |
||
netgear rbk40 firmware |
||
netgear rbk43 firmware |
||
netgear rbk43s firmware |
||
netgear rbk44 firmware |
||
netgear rbk50 firmware |
||
netgear rbk53 firmware |
||
netgear rbr10 firmware |
||
netgear rbr20 firmware |
||
netgear rbr40 firmware |
||
netgear rbr50 firmware |
||
netgear rbs10 firmware |
||
netgear rbs20 firmware |
||
netgear rbs40 firmware |
||
netgear rbs50 firmware |
||
netgear rbs50y firmware |
||
netgear xr450 firmware |
||
netgear xr500 firmware |
||
netgear xr700 firmware |