Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.3
CVSSv2

CVE-2021-27256

Published: 05/03/2021 Updated: 16/03/2021
CVSS v2 Base Score: 8.3 | Impact Score: 10 | Exploitability Score: 6.5
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 739
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Netgear

Vulnerability Summary

This vulnerability allows network-adjacent malicious users to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

netgear br200_firmware

netgear br500_firmware

netgear d7800_firmware

netgear ex6100v2_firmware

netgear ex6150v2_firmware

netgear ex6250_firmware

netgear ex6400_firmware

netgear ex6400v2_firmware

netgear ex6410_firmware

netgear ex6420_firmware

netgear ex7300_firmware

netgear ex7300v2_firmware

netgear ex7320_firmware

netgear ex7700_firmware

netgear ex8000_firmware

netgear lbr20_firmware

netgear r7800_firmware

netgear r8900_firmware

netgear r9000_firmware

netgear rbk12_firmware

netgear rbk13_firmware

netgear rbk14_firmware

netgear rbk15_firmware

netgear rbk20_firmware

netgear rbk23_firmware

netgear rbk40_firmware

netgear rbk43_firmware

netgear rbk43s_firmware

netgear rbk44_firmware

netgear rbk50_firmware

netgear rbk53_firmware

netgear rbr10_firmware

netgear rbr20_firmware

netgear rbr40_firmware

netgear rbr50_firmware

netgear rbs10_firmware

netgear rbs20_firmware

netgear rbs40_firmware

netgear rbs50_firmware

netgear rbs50y_firmware

netgear xr450_firmware

netgear xr500_firmware

netgear xr700_firmware

References

CWE-78https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extendershttps://www.zerodayinitiative.com/advisories/ZDI-21-262/https://nvd.nist.govhttps://www.zerodayinitiative.com/advisories/ZDI-21-262/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002CVE-2006-4304CVE-2024-4336CVE-2024-33437CVE-2024-4340CVE-2024-27956privilegeinsecure direct object referenceXSSitem search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook