Search

Find a vulnerability

Search criteria

    9 vulnerabilities found for rbk13 by netgear

    VAR-202103-1271

    Vulnerability from variot - Updated: 2024-11-23 23:04

    Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 before 1.0.5.60, R8000 before 1.0.4.58, RS400 before 1.5.0.48, R6400 before 1.0.1.62, R6700 before 1.0.2.16, R6900 before 1.0.2.16, MK60 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, CBR40 before 2.5.0.10, R8000P before 1.4.1.62, R7960P before 1.4.1.62, R7900P before 1.4.1.62, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, EX7500 before 1.0.0.68, EAX80 before 1.0.1.62, EAX20 before 1.0.0.36, RBK752 before 3.2.16.6, RBK753 before 3.2.16.6, RBK753S before 3.2.16.6, RBK754 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBK853 before 3.2.16.6, RBK854 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6850 before 1.1.0.76, R6350 before 1.1.0.76, R6330 before 1.1.0.76, D7800 before 1.0.1.58, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK23 before 2.6.1.36, RBR20 before 2.6.1.38, RBS20 before 2.6.1.38, RBK12 before 2.6.1.44, RBK13 before 2.6.1.44, RBK14 before 2.6.1.44, RBK15 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, R6800 before 1.2.0.72, R6900v2 before 1.2.0.72, R6700v2 before 1.2.0.72, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, R7800 before 1.0.2.74, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.34, and XR300 before 1.0.3.50. plural NETGEAR A classic buffer overflow vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This affects R6700v3 prior to 1.0.4.98, R6400v2 prior to 1.0.4.98, R7000 prior to 1.0.11.106, R6900P prior to 1.3.2.124, R7000P prior to 1.3.2.124, R7900 prior to 1.0.4.26, R7850 prior to 1.0.5.60, R8000 prior to 1.0.4.58, RS400 prior to 1.5.0.48, R6400 prior to 1.0.1.62, R6700 prior to 1.0.2.16, R6900 prior to 1.0.2.16, MK60 prior to 1.0.5.102, MR60 prior to 1.0.5.102, MS60 prior to 1.0.5.102, CBR40 prior to 2.5.0.10, R8000P prior to 1.4.1.62, R7960P prior to 1.4.1.62, R7900P prior to 1.4.1.62, RAX15 prior to 1.0.1.64, RAX20 prior to 1.0.1.64, RAX75 prior to 1.0.3.102, RAX80 prior to 1.0.3.102, RAX200 prior to 1.0.2.102, RAX45 prior to 1.0.2.64, RAX50 prior to 1.0.2.64, EX7500 prior to 1.0.0.68, EAX80 prior to 1.0.1.62, EAX20 prior to 1.0.0.36, RBK752 prior to 3.2.16.6, RBK753 prior to 3.2.16.6, RBK753S prior to 3.2.16.6, RBK754 prior to 3.2.16.6, RBR750 prior to 3.2.16.6, RBS750 prior to 3.2.16.6, RBK852 prior to 3.2.16.6, RBK853 prior to 3.2.16.6, RBK854 prior to 3.2.16.6, RBR850 prior to 3.2.16.6, RBS850 prior to 3.2.16.6, RBR840 prior to 3.2.16.6, RBS840 prior to 3.2.16.6, R6120 prior to 1.0.0.70, R6220 prior to 1.1.0.100, R6230 prior to 1.1.0.100, R6260 prior to 1.1.0.76, R6850 prior to 1.1.0.76, R6350 prior to 1.1.0.76, R6330 prior to 1.1.0.76, D7800 prior to 1.0.1.58, RBK50 prior to 2.6.1.40, RBR50 prior to 2.6.1.40, RBS50 prior to 2.6.1.40, RBK40 prior to 2.6.1.36, RBR40 prior to 2.6.1.36, RBS40 prior to 2.6.1.38, RBK23 prior to 2.6.1.36, RBR20 prior to 2.6.1.38, RBS20 prior to 2.6.1.38, RBK12 prior to 2.6.1.44, RBK13 prior to 2.6.1.44, RBK14 prior to 2.6.1.44, RBK15 prior to 2.6.1.44, RBR10 prior to 2.6.1.44, RBS10 prior to 2.6.1.44, R6800 prior to 1.2.0.72, R6900v2 prior to 1.2.0.72, R6700v2 prior to 1.2.0.72, R7200 prior to 1.2.0.72, R7350 prior to 1.2.0.72, R7400 prior to 1.2.0.72, R7450 prior to 1.2.0.72, AC2100 prior to 1.2.0.72, AC2400 prior to 1.2.0.72, AC2600 prior to 1.2.0.72, R7800 prior to 1.0.2.74, R8900 prior to 1.0.5.24, R9000 prior to 1.0.5.24, RAX120 prior to 1.0.1.136, XR450 prior to 2.3.2.66, XR500 prior to 2.3.2.66, XR700 prior to 1.0.1.34, and XR300 prior to 1.0.3.50

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202103-1271",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r6900",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.2.0.72"
          },
          {
            "model": "ms60",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.5.102"
          },
          {
            "model": "rax200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.102"
          },
          {
            "model": "r7400",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.2.0.72"
          },
          {
            "model": "rbr50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.40"
          },
          {
            "model": "r6900",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.16"
          },
          {
            "model": "r7350",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.2.0.72"
          },
          {
            "model": "rbs850",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.2.16.6"
          },
          {
            "model": "rbk50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.40"
          },
          {
            "model": "rbk12",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.44"
          },
          {
            "model": "rbs750",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.2.16.6"
          },
          {
            "model": "rbr40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.36"
          },
          {
            "model": "rbs10",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.44"
          },
          {
            "model": "rax120",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.136"
          },
          {
            "model": "rax75",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.3.102"
          },
          {
            "model": "r9000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.5.24"
          },
          {
            "model": "rbk854",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.2.16.6"
          },
          {
            "model": "eax80",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.62"
          },
          {
            "model": "r7800",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.74"
          },
          {
            "model": "r7900",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.4.26"
          },
          {
            "model": "ac2100",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.2.0.72"
          },
          {
            "model": "rbk753",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.2.16.6"
          },
          {
            "model": "xr300",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.3.50"
          },
          {
            "model": "d7800",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.58"
          },
          {
            "model": "rax50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.64"
          },
          {
            "model": "rbr20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.38"
          },
          {
            "model": "r6260",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.1.0.76"
          },
          {
            "model": "r8900",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.5.24"
          },
          {
            "model": "rbk14",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.44"
          },
          {
            "model": "r6120",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.70"
          },
          {
            "model": "xr700",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.34"
          },
          {
            "model": "ex7500",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.68"
          },
          {
            "model": "rbk23",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.36"
          },
          {
            "model": "xr500",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.3.2.66"
          },
          {
            "model": "rbr840",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.2.16.6"
          },
          {
            "model": "r7960p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.4.1.62"
          },
          {
            "model": "rbk15",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.44"
          },
          {
            "model": "ac2600",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.2.0.72"
          },
          {
            "model": "rbs50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.40"
          },
          {
            "model": "rax20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.64"
          },
          {
            "model": "rbs20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.38"
          },
          {
            "model": "cbr40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.5.0.10"
          },
          {
            "model": "ac2400",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.2.0.72"
          },
          {
            "model": "rbr850",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.2.16.6"
          },
          {
            "model": "r6220",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.70"
          },
          {
            "model": "r6330",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.1.0.76"
          },
          {
            "model": "rbk852",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.2.16.6"
          },
          {
            "model": "r8000p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.4.1.62"
          },
          {
            "model": "rbk853",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.2.16.6"
          },
          {
            "model": "r6900p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.3.2.124"
          },
          {
            "model": "r6800",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.2.0.72"
          },
          {
            "model": "xr450",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.3.2.66"
          },
          {
            "model": "r6400",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.4.98"
          },
          {
            "model": "rs400",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.5.0.48"
          },
          {
            "model": "r6350",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.1.0.76"
          },
          {
            "model": "r6700",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.4.98"
          },
          {
            "model": "r7000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.11.106"
          },
          {
            "model": "rbk13",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.44"
          },
          {
            "model": "r7850",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.5.60"
          },
          {
            "model": "r6400",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.62"
          },
          {
            "model": "mr60",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.5.102"
          },
          {
            "model": "eax20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.36"
          },
          {
            "model": "rbk842",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.2.16.6"
          },
          {
            "model": "rbr750",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.2.16.6"
          },
          {
            "model": "r7200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.2.0.72"
          },
          {
            "model": "r6700",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.2.0.72"
          },
          {
            "model": "r8000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.4.58"
          },
          {
            "model": "rax80",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.3.102"
          },
          {
            "model": "rbk754",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.2.16.6"
          },
          {
            "model": "r6700",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.16"
          },
          {
            "model": "rax45",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.64"
          },
          {
            "model": "rbk753s",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.2.16.6"
          },
          {
            "model": "r6230",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.70"
          },
          {
            "model": "rbs40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.38"
          },
          {
            "model": "rax15",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.64"
          },
          {
            "model": "rbk752",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.2.16.6"
          },
          {
            "model": "r6850",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.1.0.76"
          },
          {
            "model": "rbk40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.36"
          },
          {
            "model": "r7450",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.2.0.72"
          },
          {
            "model": "rbs840",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "3.2.16.6"
          },
          {
            "model": "r7900p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.4.1.62"
          },
          {
            "model": "r7000p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.3.2.124"
          },
          {
            "model": "mk60",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.5.102"
          },
          {
            "model": "rbr10",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.44"
          },
          {
            "model": "r6900p",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "model": "r7000p",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "model": "r7000",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "model": "r7850",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "model": "r6400",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "model": "r7900",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "model": "r8000",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "model": "r6700",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005326"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-29068"
          }
        ]
      },
      "cve": "CVE-2021-29068",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-29068",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-29068",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-29068",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-29068",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-29068",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2021-29068",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-29068",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202103-1360",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-29068",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-29068"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005326"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1360"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-29068"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-29068"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 before 1.0.5.60, R8000 before 1.0.4.58, RS400 before 1.5.0.48, R6400 before 1.0.1.62, R6700 before 1.0.2.16, R6900 before 1.0.2.16, MK60 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, CBR40 before 2.5.0.10, R8000P before 1.4.1.62, R7960P before 1.4.1.62, R7900P before 1.4.1.62, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, EX7500 before 1.0.0.68, EAX80 before 1.0.1.62, EAX20 before 1.0.0.36, RBK752 before 3.2.16.6, RBK753 before 3.2.16.6, RBK753S before 3.2.16.6, RBK754 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBK853 before 3.2.16.6, RBK854 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6850 before 1.1.0.76, R6350 before 1.1.0.76, R6330 before 1.1.0.76, D7800 before 1.0.1.58, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK23 before 2.6.1.36, RBR20 before 2.6.1.38, RBS20 before 2.6.1.38, RBK12 before 2.6.1.44, RBK13 before 2.6.1.44, RBK14 before 2.6.1.44, RBK15 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, R6800 before 1.2.0.72, R6900v2 before 1.2.0.72, R6700v2 before 1.2.0.72, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, R7800 before 1.0.2.74, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.34, and XR300 before 1.0.3.50. plural NETGEAR A classic buffer overflow vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This affects R6700v3 prior to 1.0.4.98, R6400v2 prior to 1.0.4.98, R7000 prior to 1.0.11.106, R6900P prior to 1.3.2.124, R7000P prior to 1.3.2.124, R7900 prior to 1.0.4.26, R7850 prior to 1.0.5.60, R8000 prior to 1.0.4.58, RS400 prior to 1.5.0.48, R6400 prior to 1.0.1.62, R6700 prior to 1.0.2.16, R6900 prior to 1.0.2.16, MK60 prior to 1.0.5.102, MR60 prior to 1.0.5.102, MS60 prior to 1.0.5.102, CBR40 prior to 2.5.0.10, R8000P prior to 1.4.1.62, R7960P prior to 1.4.1.62, R7900P prior to 1.4.1.62, RAX15 prior to 1.0.1.64, RAX20 prior to 1.0.1.64, RAX75 prior to 1.0.3.102, RAX80 prior to 1.0.3.102, RAX200 prior to 1.0.2.102, RAX45 prior to 1.0.2.64, RAX50 prior to 1.0.2.64, EX7500 prior to 1.0.0.68, EAX80 prior to 1.0.1.62, EAX20 prior to 1.0.0.36, RBK752 prior to 3.2.16.6, RBK753 prior to 3.2.16.6, RBK753S prior to 3.2.16.6, RBK754 prior to 3.2.16.6, RBR750 prior to 3.2.16.6, RBS750 prior to 3.2.16.6, RBK852 prior to 3.2.16.6, RBK853 prior to 3.2.16.6, RBK854 prior to 3.2.16.6, RBR850 prior to 3.2.16.6, RBS850 prior to 3.2.16.6, RBR840 prior to 3.2.16.6, RBS840 prior to 3.2.16.6, R6120 prior to 1.0.0.70, R6220 prior to 1.1.0.100, R6230 prior to 1.1.0.100, R6260 prior to 1.1.0.76, R6850 prior to 1.1.0.76, R6350 prior to 1.1.0.76, R6330 prior to 1.1.0.76, D7800 prior to 1.0.1.58, RBK50 prior to 2.6.1.40, RBR50 prior to 2.6.1.40, RBS50 prior to 2.6.1.40, RBK40 prior to 2.6.1.36, RBR40 prior to 2.6.1.36, RBS40 prior to 2.6.1.38, RBK23 prior to 2.6.1.36, RBR20 prior to 2.6.1.38, RBS20 prior to 2.6.1.38, RBK12 prior to 2.6.1.44, RBK13 prior to 2.6.1.44, RBK14 prior to 2.6.1.44, RBK15 prior to 2.6.1.44, RBR10 prior to 2.6.1.44, RBS10 prior to 2.6.1.44, R6800 prior to 1.2.0.72, R6900v2 prior to 1.2.0.72, R6700v2 prior to 1.2.0.72, R7200 prior to 1.2.0.72, R7350 prior to 1.2.0.72, R7400 prior to 1.2.0.72, R7450 prior to 1.2.0.72, AC2100 prior to 1.2.0.72, AC2400 prior to 1.2.0.72, AC2600 prior to 1.2.0.72, R7800 prior to 1.0.2.74, R8900 prior to 1.0.5.24, R9000 prior to 1.0.5.24, RAX120 prior to 1.0.1.136, XR450 prior to 2.3.2.66, XR500 prior to 2.3.2.66, XR700 prior to 1.0.1.34, and XR300 prior to 1.0.3.50",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-29068"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005326"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-29068"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-29068",
            "trust": 3.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005326",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1360",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-29068",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-29068"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005326"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1360"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-29068"
          }
        ]
      },
      "id": "VAR-202103-1271",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.3117663121621622
      },
      "last_update_date": "2024-11-23T23:04:04.570000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security\u00a0Advisory\u00a0for\u00a0Post-Authentication\u00a0Buffer\u00a0Overflow\u00a0on\u00a0Some\u00a0Routers,\u00a0Extenders,\u00a0and\u00a0WiFi\u00a0Systems\u00a0,\u00a0PSV-2020-0155",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000063021/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0155"
          },
          {
            "title": "Netgear NETGEAR Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145681"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005326"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1360"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005326"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-29068"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://kb.netgear.com/000063021/security-advisory-for-post-authentication-buffer-overflow-on-some-routers-extenders-and-wifi-systems-psv-2020-0155"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29068"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/120.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-29068"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005326"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1360"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-29068"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2021-29068"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005326"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1360"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-29068"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-29068"
          },
          {
            "date": "2021-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005326"
          },
          {
            "date": "2021-03-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-1360"
          },
          {
            "date": "2021-03-23T07:15:13.297000",
            "db": "NVD",
            "id": "CVE-2021-29068"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-29068"
          },
          {
            "date": "2021-12-13T01:53:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-005326"
          },
          {
            "date": "2021-03-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-1360"
          },
          {
            "date": "2024-11-21T06:00:38.353000",
            "db": "NVD",
            "id": "CVE-2021-29068"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1360"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0NETGEAR\u00a0 Classic buffer overflow vulnerability in device",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-005326"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1360"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202103-0947

    Vulnerability from variot - Updated: 2024-11-23 22:57

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355. NETGEAR R7800 For firmware, OS A command injection vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-12355 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "rbk53",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "r9000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.5.28"
          },
          {
            "_id": null,
            "model": "ex6250",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "r7800",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.80"
          },
          {
            "_id": null,
            "model": "rbr20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "r8900",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.5.28"
          },
          {
            "_id": null,
            "model": "rbk20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex6400",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.158"
          },
          {
            "_id": null,
            "model": "rbs50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbs10",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk12",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbs40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "d7800",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.60"
          },
          {
            "_id": null,
            "model": "ex6420",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "ex7300",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.158"
          },
          {
            "_id": null,
            "model": "ex6400v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "ex7320",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "rbr50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbk13",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbk23",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "br200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "5.10.0.5"
          },
          {
            "_id": null,
            "model": "rbk44",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "xr500",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.3.2.114"
          },
          {
            "_id": null,
            "model": "lbr20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.3.50"
          },
          {
            "_id": null,
            "model": "ex6150v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.98"
          },
          {
            "_id": null,
            "model": "rbs20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex6410",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "rbs50y",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "xr450",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.3.2.114"
          },
          {
            "_id": null,
            "model": "br500",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "5.10.0.5"
          },
          {
            "_id": null,
            "model": "rbk14",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "ex7300v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "xr700",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.38"
          },
          {
            "_id": null,
            "model": "rbr40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex6100v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.98"
          },
          {
            "_id": null,
            "model": "rbk43",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex7700",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.216"
          },
          {
            "_id": null,
            "model": "rbr10",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk43s",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex8000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.232"
          },
          {
            "_id": null,
            "model": "rbk15",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "ex6150v2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6400v2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6100v2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "d7800",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "br200",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6250",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6420",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6410",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6400",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "br500",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "r7800",
            "scope": null,
            "trust": 0.7,
            "vendor": "netgear",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-262"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004431"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27256"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "takeshi",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-262"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2021-27256",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CVE-2021-27256",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27256",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27256",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27256",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-27256",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2021-27256",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-27256",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2021-27256",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202102-1749",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-27256",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-262"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27256"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004431"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1749"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27256"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27256"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355. NETGEAR R7800 For firmware, OS A command injection vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-12355 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-27256"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004431"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-262"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27256"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-27256",
            "trust": 3.2
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-262",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004431",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-12355",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1749",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27256",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-262"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27256"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004431"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1749"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27256"
          }
        ]
      },
      "id": "VAR-202103-0947",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.26161140789473686
      },
      "last_update_date": "2024-11-23T22:57:58.511000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Security\u00a0Advisory\u00a0for\u00a0Multiple\u00a0Vulnerabilities\u00a0on\u00a0Some\u00a0Routers,\u00a0Satellites,\u00a0and\u00a0Extenders",
            "trust": 1.5,
            "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
          },
          {
            "title": "NETGEAR Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142980"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-262"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004431"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1749"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004431"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27256"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.2,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-262/"
          },
          {
            "trust": 2.4,
            "url": "https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27256"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-262"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27256"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004431"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1749"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27256"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-262",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27256",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004431",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1749",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27256",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-02-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-262",
            "ident": null
          },
          {
            "date": "2021-03-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-27256",
            "ident": null
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-004431",
            "ident": null
          },
          {
            "date": "2021-02-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202102-1749",
            "ident": null
          },
          {
            "date": "2021-03-05T20:15:12.550000",
            "db": "NVD",
            "id": "CVE-2021-27256",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-02-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-262",
            "ident": null
          },
          {
            "date": "2021-03-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-27256",
            "ident": null
          },
          {
            "date": "2021-11-22T05:39:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-004431",
            "ident": null
          },
          {
            "date": "2021-03-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202102-1749",
            "ident": null
          },
          {
            "date": "2024-11-21T05:57:42.160000",
            "db": "NVD",
            "id": "CVE-2021-27256",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1749"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "NETGEAR\u00a0R7800\u00a0 In firmware \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004431"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1749"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202103-0948

    Vulnerability from variot - Updated: 2024-11-23 22:54

    This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via FTP. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-12362. NETGEAR R7800 There is a certificate validation vulnerability in the firmware. Zero Day Initiative To this vulnerability ZDI-CAN-12362 Was numbered.Information may be tampered with. Netgear NETGEAR R7800 is a wireless router from Netgear

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "r7800",
            "scope": null,
            "trust": 1.3,
            "vendor": "netgear",
            "version": null
          },
          {
            "_id": null,
            "model": "rbk53",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "r9000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.5.28"
          },
          {
            "_id": null,
            "model": "ex6250",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "r7800",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.80"
          },
          {
            "_id": null,
            "model": "rbr20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "r8900",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.5.28"
          },
          {
            "_id": null,
            "model": "rbk20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex6400",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.158"
          },
          {
            "_id": null,
            "model": "rbs50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbs10",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk12",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbs40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "d7800",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.60"
          },
          {
            "_id": null,
            "model": "ex6420",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "ex7300",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.158"
          },
          {
            "_id": null,
            "model": "ex6400v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "ex7320",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "rbr50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbk13",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbk23",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "br200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "5.10.0.5"
          },
          {
            "_id": null,
            "model": "rbk44",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "xr500",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.3.2.114"
          },
          {
            "_id": null,
            "model": "lbr20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.3.50"
          },
          {
            "_id": null,
            "model": "ex6150v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.98"
          },
          {
            "_id": null,
            "model": "rbs20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex6410",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "rbs50y",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "xr450",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.3.2.114"
          },
          {
            "_id": null,
            "model": "br500",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "5.10.0.5"
          },
          {
            "_id": null,
            "model": "rbk14",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "ex7300v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "xr700",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.38"
          },
          {
            "_id": null,
            "model": "rbr40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex6100v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.98"
          },
          {
            "_id": null,
            "model": "rbk43",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex7700",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.216"
          },
          {
            "_id": null,
            "model": "rbr10",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk43s",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex8000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.232"
          },
          {
            "_id": null,
            "model": "rbk15",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "ex6150v2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "br500",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6250",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6410",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6400v2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6400",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6420",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "br200",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6100v2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "d7800",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-264"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-14775"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004503"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27257"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Team FLASHBACK: Pedro Ribeiro (@pedrib1337 | pedrib@gmail.com)  + Radek Domanski (@RabbitPro)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-264"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2021-27257",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.5,
                "id": "CVE-2021-27257",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.9,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2021-14775",
                "impactScore": 6.9,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:C/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27257",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27257",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27257",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-27257",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2021-27257",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-27257",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "ZDI",
                "id": "CVE-2021-27257",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-14775",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202102-1752",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-27257",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-264"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-14775"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27257"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004503"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1752"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27257"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27257"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via FTP. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-12362. NETGEAR R7800 There is a certificate validation vulnerability in the firmware. Zero Day Initiative To this vulnerability ZDI-CAN-12362 Was numbered.Information may be tampered with. Netgear NETGEAR R7800 is a wireless router from Netgear",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-27257"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004503"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-264"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-14775"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27257"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-27257",
            "trust": 3.8
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-264",
            "trust": 3.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004503",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-12362",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-14775",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1752",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27257",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-264"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-14775"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27257"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004503"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1752"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27257"
          }
        ]
      },
      "id": "VAR-202103-0948",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14775"
          }
        ],
        "trust": 0.8616114078947368
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14775"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:54:53.310000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Security\u00a0Advisory\u00a0for\u00a0Multiple\u00a0Vulnerabilities\u00a0on\u00a0Some\u00a0Routers,\u00a0Satellites,\u00a0and\u00a0Extenders",
            "trust": 1.5,
            "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
          },
          {
            "title": "Patch for NETGEAR remote code execution vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/251011"
          },
          {
            "title": "NETGEAR Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142983"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-264"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-14775"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004503"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1752"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-295",
            "trust": 1.0
          },
          {
            "problemtype": "Bad certificate verification (CWE-295) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004503"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27257"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.8,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-264/"
          },
          {
            "trust": 2.4,
            "url": "https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27257"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/295.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-264"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-14775"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27257"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004503"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1752"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27257"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-264",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-14775",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27257",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004503",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1752",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27257",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-02-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-264",
            "ident": null
          },
          {
            "date": "2021-03-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-14775",
            "ident": null
          },
          {
            "date": "2021-03-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-27257",
            "ident": null
          },
          {
            "date": "2021-11-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-004503",
            "ident": null
          },
          {
            "date": "2021-02-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202102-1752",
            "ident": null
          },
          {
            "date": "2021-03-05T20:15:12.660000",
            "db": "NVD",
            "id": "CVE-2021-27257",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-06-29T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-264",
            "ident": null
          },
          {
            "date": "2021-03-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-14775",
            "ident": null
          },
          {
            "date": "2021-03-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-27257",
            "ident": null
          },
          {
            "date": "2021-11-24T03:20:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-004503",
            "ident": null
          },
          {
            "date": "2021-03-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202102-1752",
            "ident": null
          },
          {
            "date": "2024-11-21T05:57:42.320000",
            "db": "NVD",
            "id": "CVE-2021-27257",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1752"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "NETGEAR\u00a0R7800\u00a0 Firmware validation vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004503"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1752"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202104-1037

    Vulnerability from variot - Updated: 2024-11-23 22:54

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308. Zero Day Initiative To this vulnerability ZDI-CAN-12308 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "rbk53",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "r9000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.5.28"
          },
          {
            "_id": null,
            "model": "ex6250",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "r7800",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.80"
          },
          {
            "_id": null,
            "model": "rbr20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "r8900",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.5.28"
          },
          {
            "_id": null,
            "model": "rbk20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex6400",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.158"
          },
          {
            "_id": null,
            "model": "rbs50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbs10",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk12",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbs40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "d7800",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.60"
          },
          {
            "_id": null,
            "model": "ex6420",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "ex7300",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.158"
          },
          {
            "_id": null,
            "model": "ex6400v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "ex7320",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "rbr50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbk13",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbk23",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "br200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "5.10.0.5"
          },
          {
            "_id": null,
            "model": "rbk44",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "xr500",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.3.2.114"
          },
          {
            "_id": null,
            "model": "lbr20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.3.50"
          },
          {
            "_id": null,
            "model": "rbs20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex6410",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "rbs50y",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "xr450",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.3.2.114"
          },
          {
            "_id": null,
            "model": "br500",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "5.10.0.5"
          },
          {
            "_id": null,
            "model": "rbk14",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "ex6150",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.98"
          },
          {
            "_id": null,
            "model": "ex7300v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "xr700",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.38"
          },
          {
            "_id": null,
            "model": "rbr40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex6100v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.98"
          },
          {
            "_id": null,
            "model": "rbk43",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex7700",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.216"
          },
          {
            "_id": null,
            "model": "rbr10",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk43s",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex8000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.232"
          },
          {
            "_id": null,
            "model": "rbk15",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "br500",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "r7800",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6410",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6150",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "d7800",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6100v2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6400",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6250",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "br200",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6400v2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "r7800",
            "scope": null,
            "trust": 0.7,
            "vendor": "netgear",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-247"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006381"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27251"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Team FLASHBACK: Pedro Ribeiro (@pedrib1337 | pedrib@gmail.com) + Radek Domanski (@RabbitPro)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-247"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2021-27251",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CVE-2021-27251",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27251",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27251",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27251",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-27251",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2021-27251",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-27251",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2021-27251",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-1136",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-247"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006381"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1136"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27251"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27251"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308. Zero Day Initiative To this vulnerability ZDI-CAN-12308 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-27251"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006381"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-247"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27251"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-27251",
            "trust": 4.0
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-247",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006381",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-12308",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1136",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27251",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-247"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27251"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006381"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1136"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27251"
          }
        ]
      },
      "id": "VAR-202104-1037",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.25201656722222227
      },
      "last_update_date": "2024-11-23T22:54:48.346000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Security\u00a0Advisory\u00a0for\u00a0Multiple\u00a0Vulnerabilities\u00a0on\u00a0Some\u00a0Routers,\u00a0Satellites,\u00a0and\u00a0Extenders",
            "trust": 1.5,
            "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
          },
          {
            "title": "Netgear NETGEAR Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147498"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-247"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006381"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1136"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-319",
            "trust": 1.0
          },
          {
            "problemtype": "Sending important information in clear text (CWE-319) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006381"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27251"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-247/"
          },
          {
            "trust": 2.4,
            "url": "https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27251"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/319.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-247"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27251"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006381"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1136"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27251"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-247",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27251",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006381",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1136",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27251",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-02-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-247",
            "ident": null
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-27251",
            "ident": null
          },
          {
            "date": "2022-01-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-006381",
            "ident": null
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-1136",
            "ident": null
          },
          {
            "date": "2021-04-14T16:15:13.657000",
            "db": "NVD",
            "id": "CVE-2021-27251",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-02-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-247",
            "ident": null
          },
          {
            "date": "2021-04-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-27251",
            "ident": null
          },
          {
            "date": "2022-01-06T05:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-006381",
            "ident": null
          },
          {
            "date": "2021-04-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-1136",
            "ident": null
          },
          {
            "date": "2024-11-21T05:57:41.280000",
            "db": "NVD",
            "id": "CVE-2021-27251",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1136"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "NETGEAR\u00a0Nighthawk\u00a0R7800\u00a0 Vulnerability in plaintext transmission of important information in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006381"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1136"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202104-1038

    Vulnerability from variot - Updated: 2024-11-23 22:47

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216. NETGEAR R7800 For firmware, OS A command injection vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-12216 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "rbk53",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "r9000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.5.28"
          },
          {
            "_id": null,
            "model": "ex6250",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "r7800",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.80"
          },
          {
            "_id": null,
            "model": "rbr20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "r8900",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.5.28"
          },
          {
            "_id": null,
            "model": "rbk20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex6400",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.158"
          },
          {
            "_id": null,
            "model": "rbs50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbs10",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk12",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbs40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "d7800",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.60"
          },
          {
            "_id": null,
            "model": "ex6420",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "ex7300",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.158"
          },
          {
            "_id": null,
            "model": "ex6400v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "ex7320",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "rbr50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbk13",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbk23",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "br200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "5.10.0.5"
          },
          {
            "_id": null,
            "model": "rbk44",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "xr500",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.3.2.114"
          },
          {
            "_id": null,
            "model": "lbr20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.3.50"
          },
          {
            "_id": null,
            "model": "rbs20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex6410",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "rbs50y",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "xr450",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.3.2.114"
          },
          {
            "_id": null,
            "model": "br500",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "5.10.0.5"
          },
          {
            "_id": null,
            "model": "rbk14",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "ex6150",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.98"
          },
          {
            "_id": null,
            "model": "ex7300v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "xr700",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.38"
          },
          {
            "_id": null,
            "model": "rbr40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex6100v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.98"
          },
          {
            "_id": null,
            "model": "rbk43",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex7700",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.216"
          },
          {
            "_id": null,
            "model": "rbr10",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk43s",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex8000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.232"
          },
          {
            "_id": null,
            "model": "rbk15",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "br500",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "r7800",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6410",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6150",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "d7800",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6100v2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6400",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6250",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "br200",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6400v2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "r7800",
            "scope": null,
            "trust": 0.7,
            "vendor": "netgear",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-248"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006382"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27252"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "atdog (@atdog_tw)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-248"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2021-27252",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CVE-2021-27252",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27252",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27252",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27252",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-27252",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2021-27252",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-27252",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2021-27252",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-1073",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-248"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006382"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1073"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27252"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27252"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216. NETGEAR R7800 For firmware, OS A command injection vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-12216 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-27252"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006382"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-248"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27252"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-27252",
            "trust": 4.0
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-248",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006382",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-12216",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1073",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27252",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-248"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27252"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006382"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1073"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27252"
          }
        ]
      },
      "id": "VAR-202104-1038",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.25201656722222227
      },
      "last_update_date": "2024-11-23T22:47:39.525000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Security\u00a0Advisory\u00a0for\u00a0Multiple\u00a0Vulnerabilities\u00a0on\u00a0Some\u00a0Routers,\u00a0Satellites,\u00a0and\u00a0Extenders",
            "trust": 1.5,
            "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
          },
          {
            "title": "Netgear NETGEAR R7800 Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147594"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-248"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006382"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1073"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006382"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27252"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-248/"
          },
          {
            "trust": 2.4,
            "url": "https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27252"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-248"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27252"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006382"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1073"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27252"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-248",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27252",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006382",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1073",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27252",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-02-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-248",
            "ident": null
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-27252",
            "ident": null
          },
          {
            "date": "2022-01-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-006382",
            "ident": null
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-1073",
            "ident": null
          },
          {
            "date": "2021-04-14T16:15:13.737000",
            "db": "NVD",
            "id": "CVE-2021-27252",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-02-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-248",
            "ident": null
          },
          {
            "date": "2021-04-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-27252",
            "ident": null
          },
          {
            "date": "2022-01-06T05:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-006382",
            "ident": null
          },
          {
            "date": "2021-04-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-1073",
            "ident": null
          },
          {
            "date": "2024-11-21T05:57:41.453000",
            "db": "NVD",
            "id": "CVE-2021-27252",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1073"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "NETGEAR\u00a0R7800\u00a0 In firmware \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006382"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1073"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202103-0946

    Vulnerability from variot - Updated: 2024-11-23 22:33

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360. Zero Day Initiative To this vulnerability ZDI-CAN-12360 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "rbk53",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "r9000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.5.28"
          },
          {
            "_id": null,
            "model": "ex6250",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "r7800",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.80"
          },
          {
            "_id": null,
            "model": "rbr20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "r8900",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.5.28"
          },
          {
            "_id": null,
            "model": "rbk20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex6400",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.158"
          },
          {
            "_id": null,
            "model": "rbs50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbs10",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk12",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbs40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "d7800",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.60"
          },
          {
            "_id": null,
            "model": "ex6420",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "ex7300",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.158"
          },
          {
            "_id": null,
            "model": "ex6400v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "ex7320",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "rbr50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbk13",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbk23",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "br200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "5.10.0.5"
          },
          {
            "_id": null,
            "model": "rbk44",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "xr500",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.3.2.114"
          },
          {
            "_id": null,
            "model": "lbr20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.3.50"
          },
          {
            "_id": null,
            "model": "ex6150v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.98"
          },
          {
            "_id": null,
            "model": "rbs20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex6410",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "rbs50y",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "xr450",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.3.2.114"
          },
          {
            "_id": null,
            "model": "br500",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "5.10.0.5"
          },
          {
            "_id": null,
            "model": "rbk14",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "ex7300v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "xr700",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.38"
          },
          {
            "_id": null,
            "model": "rbr40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex6100v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.98"
          },
          {
            "_id": null,
            "model": "rbk43",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex7700",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.216"
          },
          {
            "_id": null,
            "model": "rbr10",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk43s",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex8000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.232"
          },
          {
            "_id": null,
            "model": "rbk15",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "ex6150v2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6400v2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6100v2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "d7800",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "br200",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6250",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6420",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6410",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6400",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "br500",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "r7800",
            "scope": null,
            "trust": 0.7,
            "vendor": "netgear",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-263"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004433"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27255"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "STARLabs",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-263"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2021-27255",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CVE-2021-27255",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27255",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27255",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-27255",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27255",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-27255",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2021-27255",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-27255",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2021-27255",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202102-1751",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-263"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004433"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1751"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27255"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27255"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360. Zero Day Initiative To this vulnerability ZDI-CAN-12360 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-27255"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004433"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-263"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-27255",
            "trust": 3.1
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-263",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004433",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-12360",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1751",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-263"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004433"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1751"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27255"
          }
        ]
      },
      "id": "VAR-202103-0946",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.26161140789473686
      },
      "last_update_date": "2024-11-23T22:33:06.689000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Security\u00a0Advisory\u00a0for\u00a0Multiple\u00a0Vulnerabilities\u00a0on\u00a0Some\u00a0Routers,\u00a0Satellites,\u00a0and\u00a0Extenders",
            "trust": 1.5,
            "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
          },
          {
            "title": "NETGEAR Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142982"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-263"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004433"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1751"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-306",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of authentication for important features (CWE-306) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004433"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27255"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.0,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-263/"
          },
          {
            "trust": 2.3,
            "url": "https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27255"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-263"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004433"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1751"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27255"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-263",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004433",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1751",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27255",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-02-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-263",
            "ident": null
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-004433",
            "ident": null
          },
          {
            "date": "2021-02-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202102-1751",
            "ident": null
          },
          {
            "date": "2021-03-05T20:15:12.457000",
            "db": "NVD",
            "id": "CVE-2021-27255",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-02-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-263",
            "ident": null
          },
          {
            "date": "2021-11-22T05:55:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-004433",
            "ident": null
          },
          {
            "date": "2021-03-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202102-1751",
            "ident": null
          },
          {
            "date": "2024-11-21T05:57:41.983000",
            "db": "NVD",
            "id": "CVE-2021-27255",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1751"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "NETGEAR\u00a0R7800\u00a0 Vulnerability regarding lack of authentication for important functions in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004433"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1751"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202104-1039

    Vulnerability from variot - Updated: 2024-11-23 22:33

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "rbk53",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "r9000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.5.28"
          },
          {
            "_id": null,
            "model": "ex6250",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "r7800",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.80"
          },
          {
            "_id": null,
            "model": "rbr20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "r8900",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.5.28"
          },
          {
            "_id": null,
            "model": "rbk20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex6400",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.158"
          },
          {
            "_id": null,
            "model": "rbs50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbs10",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk12",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbs40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "d7800",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.60"
          },
          {
            "_id": null,
            "model": "ex6420",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "ex7300",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.158"
          },
          {
            "_id": null,
            "model": "ex6400v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "ex7320",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "rbr50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbk13",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbk23",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "br200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "5.10.0.5"
          },
          {
            "_id": null,
            "model": "rbk44",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "xr500",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.3.2.114"
          },
          {
            "_id": null,
            "model": "lbr20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.3.50"
          },
          {
            "_id": null,
            "model": "rbs20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex6410",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "rbs50y",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "xr450",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.3.2.114"
          },
          {
            "_id": null,
            "model": "br500",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "5.10.0.5"
          },
          {
            "_id": null,
            "model": "rbk14",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "ex6150",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.98"
          },
          {
            "_id": null,
            "model": "ex7300v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "xr700",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.38"
          },
          {
            "_id": null,
            "model": "rbr40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex6100v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.98"
          },
          {
            "_id": null,
            "model": "rbk43",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex7700",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.216"
          },
          {
            "_id": null,
            "model": "rbr10",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk43s",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex8000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.232"
          },
          {
            "_id": null,
            "model": "rbk15",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "r7800",
            "scope": null,
            "trust": 0.7,
            "vendor": "netgear",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-249"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27253"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Ho\\xc3\\xa0ng Th\\xe1\\xba\\xa1ch Nguy\\xe1\\xbb\\x85n, Lucas Tay",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-249"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2021-27253",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CVE-2021-27253",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27253",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27253",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27253",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-27253",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2021-27253",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2021-27253",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-1071",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-27253",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-249"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27253"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1071"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27253"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27253"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-27253"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-249"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27253"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-27253",
            "trust": 2.4
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-249",
            "trust": 2.4
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-12303",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1071",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27253",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-249"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27253"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1071"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27253"
          }
        ]
      },
      "id": "VAR-202104-1039",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.25201656722222227
      },
      "last_update_date": "2024-11-23T22:33:05.324000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "NETGEAR has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
          },
          {
            "title": "Netgear NETGEAR Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148415"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1071"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-122",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-27253"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.4,
            "url": "https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders"
          },
          {
            "trust": 1.8,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-249/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27253"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-249"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27253"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1071"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27253"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-249",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27253",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1071",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27253",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-02-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-249",
            "ident": null
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-27253",
            "ident": null
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-1071",
            "ident": null
          },
          {
            "date": "2021-04-14T16:15:13.797000",
            "db": "NVD",
            "id": "CVE-2021-27253",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-02-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-249",
            "ident": null
          },
          {
            "date": "2021-04-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-27253",
            "ident": null
          },
          {
            "date": "2021-04-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-1071",
            "ident": null
          },
          {
            "date": "2024-11-21T05:57:41.613000",
            "db": "NVD",
            "id": "CVE-2021-27253",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1071"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "(Pwn2Own) NETGEAR Nighthawk R7800 Heap-based Buffer Overflow Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-249"
          }
        ],
        "trust": 0.7
      },
      "type": {
        "_id": null,
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1071"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202102-0332

    Vulnerability from variot - Updated: 2024-11-23 22:29

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076. NETGEAR Orbi Has OS A command injection vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-11076 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "ex8000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.224"
          },
          {
            "_id": null,
            "model": "rbk20 router",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.36"
          },
          {
            "_id": null,
            "model": "ex6200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.82"
          },
          {
            "_id": null,
            "model": "rbk43 satellite",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.38"
          },
          {
            "_id": null,
            "model": "rbk15",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.44"
          },
          {
            "_id": null,
            "model": "rbr50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.40"
          },
          {
            "_id": null,
            "model": "rbk20 satellite",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.38"
          },
          {
            "_id": null,
            "model": "rbk50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.40"
          },
          {
            "_id": null,
            "model": "rbk12",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.44"
          },
          {
            "_id": null,
            "model": "rbs10",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.44"
          },
          {
            "_id": null,
            "model": "cbk43",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.38"
          },
          {
            "_id": null,
            "model": "rbr40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.36"
          },
          {
            "_id": null,
            "model": "rbk13",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.44"
          },
          {
            "_id": null,
            "model": "rbk52w",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.40"
          },
          {
            "_id": null,
            "model": "rbk30",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.36"
          },
          {
            "_id": null,
            "model": "cbr40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.38"
          },
          {
            "_id": null,
            "model": "rbk44 router",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.36"
          },
          {
            "_id": null,
            "model": "rbk43s satellite",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.38"
          },
          {
            "_id": null,
            "model": "ex7700",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.210"
          },
          {
            "_id": null,
            "model": "rbk43 router",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.36"
          },
          {
            "_id": null,
            "model": "rbs40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.38"
          },
          {
            "_id": null,
            "model": "rbk14",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.44"
          },
          {
            "_id": null,
            "model": "rbk20w",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.36"
          },
          {
            "_id": null,
            "model": "cbk40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.38"
          },
          {
            "_id": null,
            "model": "rbk22 router",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.36"
          },
          {
            "_id": null,
            "model": "rbr20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.36"
          },
          {
            "_id": null,
            "model": "rbk23 satellite",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.38"
          },
          {
            "_id": null,
            "model": "rbk33",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.36"
          },
          {
            "_id": null,
            "model": "rbk23w",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.36"
          },
          {
            "_id": null,
            "model": "rbk40 satellite",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.38"
          },
          {
            "_id": null,
            "model": "rbr10",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.44"
          },
          {
            "_id": null,
            "model": "rbk22 satellite",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.38"
          },
          {
            "_id": null,
            "model": "rbk43s router",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.36"
          },
          {
            "_id": null,
            "model": "rbk50v",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.40"
          },
          {
            "_id": null,
            "model": "rbk40 router",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.36"
          },
          {
            "_id": null,
            "model": "rbk23 router",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.36"
          },
          {
            "_id": null,
            "model": "rbs20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.38"
          },
          {
            "_id": null,
            "model": "rbs50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.40"
          },
          {
            "_id": null,
            "model": "rbk44 satellite",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.1.38"
          },
          {
            "_id": null,
            "model": "cbk43",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "rbk12",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "cbr40",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex7700",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6200",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex8000",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "cbk40",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "rbk15",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "rbk13",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "rbk14",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "orbi",
            "scope": null,
            "trust": 0.7,
            "vendor": "netgear",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1430"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015997"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27861"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Shaunak Mirani",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1430"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-27861",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CVE-2020-27861",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-27861",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-27861",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-27861",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-27861",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2020-27861",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-27861",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2020-27861",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202102-1082",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-27861",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1430"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27861"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015997"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1082"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27861"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27861"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076. NETGEAR Orbi Has OS A command injection vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-11076 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-27861"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015997"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-1430"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27861"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-27861",
            "trust": 3.2
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-1430",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015997",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11076",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1082",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27861",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1430"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27861"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015997"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1082"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27861"
          }
        ]
      },
      "id": "VAR-202102-0332",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.259371377
      },
      "last_update_date": "2024-11-23T22:29:19.265000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Security\u00a0Advisory\u00a0for\u00a0Unauthenticated\u00a0Command\u00a0Injection\u00a0Vulnerability\u00a0on\u00a0Some\u00a0Extenders\u00a0and\u00a0Orbi\u00a0WiFi\u00a0Systems,\u00a0PSV-2020-0301",
            "trust": 0.8,
            "url": "https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0301"
          },
          {
            "title": "NETGEAR has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems"
          },
          {
            "title": "Netgear NETGEAR Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142366"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/f1tao/awesome-iot-security-resource "
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1430"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27861"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015997"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1082"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015997"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27861"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1430/"
          },
          {
            "trust": 2.4,
            "url": "https://kb.netgear.com/000062507/security-advisory-for-unauthenticated-command-injection-vulnerability-on-some-extenders-and-orbi-wifi-systems"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27861"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/f1tao/awesome-iot-security-resource"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1430"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27861"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015997"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1082"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27861"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1430",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27861",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015997",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1082",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27861",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-1430",
            "ident": null
          },
          {
            "date": "2021-02-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-27861",
            "ident": null
          },
          {
            "date": "2021-10-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-015997",
            "ident": null
          },
          {
            "date": "2021-02-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202102-1082",
            "ident": null
          },
          {
            "date": "2021-02-12T00:15:12.500000",
            "db": "NVD",
            "id": "CVE-2020-27861",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-12-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-1430",
            "ident": null
          },
          {
            "date": "2021-03-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-27861",
            "ident": null
          },
          {
            "date": "2021-10-29T09:04:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-015997",
            "ident": null
          },
          {
            "date": "2021-03-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202102-1082",
            "ident": null
          },
          {
            "date": "2024-11-21T05:21:57.107000",
            "db": "NVD",
            "id": "CVE-2020-27861",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1082"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "NETGEAR\u00a0Orbi\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015997"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1082"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202103-0945

    Vulnerability from variot - Updated: 2024-11-23 22:20

    This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287. Zero Day Initiative To this vulnerability ZDI-CAN-12287 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "rbk53",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "r9000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.5.28"
          },
          {
            "_id": null,
            "model": "ex6250",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "r7800",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.80"
          },
          {
            "_id": null,
            "model": "rbr20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "r8900",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.5.28"
          },
          {
            "_id": null,
            "model": "rbk20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex6400",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.158"
          },
          {
            "_id": null,
            "model": "rbs50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbs10",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk12",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbs40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "d7800",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.60"
          },
          {
            "_id": null,
            "model": "ex6420",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "ex7300",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.2.158"
          },
          {
            "_id": null,
            "model": "ex6400v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "ex7320",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "rbr50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbk13",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "rbk23",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "br200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "5.10.0.5"
          },
          {
            "_id": null,
            "model": "rbk44",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "xr500",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.3.2.114"
          },
          {
            "_id": null,
            "model": "lbr20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.3.50"
          },
          {
            "_id": null,
            "model": "ex6150v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.98"
          },
          {
            "_id": null,
            "model": "rbs20",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex6410",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "rbs50y",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "xr450",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.3.2.114"
          },
          {
            "_id": null,
            "model": "br500",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "5.10.0.5"
          },
          {
            "_id": null,
            "model": "rbk14",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "ex7300v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.134"
          },
          {
            "_id": null,
            "model": "xr700",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.38"
          },
          {
            "_id": null,
            "model": "rbr40",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex6100v2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.98"
          },
          {
            "_id": null,
            "model": "rbk43",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex7700",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.0.216"
          },
          {
            "_id": null,
            "model": "rbr10",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "rbk43s",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.6.2.104"
          },
          {
            "_id": null,
            "model": "ex8000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "1.0.1.232"
          },
          {
            "_id": null,
            "model": "rbk15",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netgear",
            "version": "2.7.2.104"
          },
          {
            "_id": null,
            "model": "ex6150v2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6400v2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6100v2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "d7800",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "br200",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6250",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6420",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6410",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "ex6400",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "br500",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
            "version": null
          },
          {
            "_id": null,
            "model": "r7800",
            "scope": null,
            "trust": 0.7,
            "vendor": "netgear",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-252"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004434"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27254"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "84c0",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-252"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2021-27254",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CVE-2021-27254",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27254",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27254",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-27254",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27254",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-27254",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2021-27254",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-27254",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2021-27254",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202102-1677",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-252"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004434"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1677"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27254"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27254"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287. Zero Day Initiative To this vulnerability ZDI-CAN-12287 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-27254"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004434"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-252"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-27254",
            "trust": 3.1
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-252",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004434",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-12287",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1677",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-252"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004434"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1677"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27254"
          }
        ]
      },
      "id": "VAR-202103-0945",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.2616114078947368
      },
      "last_update_date": "2024-11-23T22:20:50.647000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Security\u00a0Advisory\u00a0for\u00a0Multiple\u00a0Vulnerabilities\u00a0on\u00a0Some\u00a0Routers,\u00a0Satellites,\u00a0and\u00a0Extenders",
            "trust": 1.5,
            "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
          },
          {
            "title": "NETGEAR Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142759"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-252"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004434"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1677"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-259",
            "trust": 1.0
          },
          {
            "problemtype": "Use hard-coded passwords (CWE-259) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004434"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27254"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.0,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-252/"
          },
          {
            "trust": 2.3,
            "url": "https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27254"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-252"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004434"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1677"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27254"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-252",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004434",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1677",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27254",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-02-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-252",
            "ident": null
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-004434",
            "ident": null
          },
          {
            "date": "2021-02-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202102-1677",
            "ident": null
          },
          {
            "date": "2021-03-05T20:15:12.317000",
            "db": "NVD",
            "id": "CVE-2021-27254",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-02-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-252",
            "ident": null
          },
          {
            "date": "2021-11-22T06:02:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-004434",
            "ident": null
          },
          {
            "date": "2022-04-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202102-1677",
            "ident": null
          },
          {
            "date": "2024-11-21T05:57:41.790000",
            "db": "NVD",
            "id": "CVE-2021-27254",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1677"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "NETGEAR\u00a0R7800\u00a0 Vulnerability in using hard-coded passwords in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004434"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202102-1677"
          }
        ],
        "trust": 0.6
      }
    }