This vulnerability allows network-adjacent malicious users to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
netgear br200_firmware |
||
netgear br500_firmware |
||
netgear d7800_firmware |
||
netgear ex6100v2_firmware |
||
netgear ex6150v2_firmware |
||
netgear ex6250_firmware |
||
netgear ex6400_firmware |
||
netgear ex6400v2_firmware |
||
netgear ex6410_firmware |
||
netgear ex6420_firmware |
||
netgear ex7300_firmware |
||
netgear ex7300v2_firmware |
||
netgear ex7320_firmware |
||
netgear ex7700_firmware |
||
netgear ex8000_firmware |
||
netgear lbr20_firmware |
||
netgear r7800_firmware |
||
netgear r8900_firmware |
||
netgear r9000_firmware |
||
netgear rbk12_firmware |
||
netgear rbk13_firmware |
||
netgear rbk14_firmware |
||
netgear rbk15_firmware |
||
netgear rbk20_firmware |
||
netgear rbk23_firmware |
||
netgear rbk40_firmware |
||
netgear rbk43_firmware |
||
netgear rbk43s_firmware |
||
netgear rbk44_firmware |
||
netgear rbk50_firmware |
||
netgear rbk53_firmware |
||
netgear rbr10_firmware |
||
netgear rbr20_firmware |
||
netgear rbr40_firmware |
||
netgear rbr50_firmware |
||
netgear rbs10_firmware |
||
netgear rbs20_firmware |
||
netgear rbs40_firmware |
||
netgear rbs50_firmware |
||
netgear rbs50y_firmware |
||
netgear xr450_firmware |
||
netgear xr500_firmware |
||
netgear xr700_firmware |