Vulnerability-Lookup

CVE-2021-27255 (GCVE-0-2021-27255)

Vulnerability from cvelistv5 – Published: 2021-03-05 20:00 – Updated: 2024-08-03 20:48

Summary

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360.

Severity ?

6.3 (Medium)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-306 - Missing Authentication for Critical Function

Assigner

zdi

References

URL

Tags

	https://kb.netgear.com/000062883/Security-Advisor…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	NETGEAR	R7800	Affected: firmware version 1.0.2.76

Credits

STARLabs

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:48:16.644Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-263/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "R7800",
          "vendor": "NETGEAR",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 1.0.2.76"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "STARLabs"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306: Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-05T20:00:24",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-263/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "zdi-disclosures@trendmicro.com",
          "ID": "CVE-2021-27255",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "R7800",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware version 1.0.2.76"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "NETGEAR"
              }
            ]
          }
        },
        "credit": "STARLabs",
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360."
            }
          ]
        },
        "impact": {
          "cvss": {
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-306: Missing Authentication for Critical Function"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders",
              "refsource": "MISC",
              "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-263/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-263/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2021-27255",
    "datePublished": "2021-03-05T20:00:24",
    "dateReserved": "2021-02-16T00:00:00",
    "dateUpdated": "2024-08-03T20:48:16.644Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-27255\",\"sourceIdentifier\":\"zdi-disclosures@trendmicro.com\",\"published\":\"2021-03-05T20:15:12.457\",\"lastModified\":\"2024-11-21T05:57:41.983\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360.\"},{\"lang\":\"es\",\"value\":\"Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de NETGEAR R7800 versi\u00f3n de firmware 1.0.2.76.\u0026#xa0;No es requerida una autenticaci\u00f3n para explotar esta vulnerabilidad.\u0026#xa0;El fallo espec\u00edfico se presenta dentro del endpoint refresh_status.aspx.\u0026#xa0;El problema resulta de la falta de autenticaci\u00f3n necesaria para iniciar un servicio en el servidor.\u0026#xa0;Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de root.\u0026#xa0;Era ZDI-CAN-12360\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":8.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":6.5,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.10.0.5\",\"matchCriteriaId\":\"9680E98E-021B-4C71-AAA0-AEF49C6AD95F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CED01605-09B9-417E-AE6F-1F62888A0C93\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.10.0.5\",\"matchCriteriaId\":\"89EDAF30-2238-495C-920F-F32CC17C046B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"261C0D85-C951-4F0C-B9C4-0E42B15834EE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.1.60\",\"matchCriteriaId\":\"6CBD5FC4-2EF7-49A9-8F23-C9398441E7BD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA2D4987-3726-4A72-8D32-592F59FAC46D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.1.98\",\"matchCriteriaId\":\"53C5C134-0778-4098-B8B4-F9589516C297\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DCFF79A-8ACE-455B-90F3-FFC745E8BAD4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.1.98\",\"matchCriteriaId\":\"597D1ED8-FE6A-4325-83AB-5CA544CFA1AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5828F04B-E373-4E4F-942D-08CCA038418C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.0.134\",\"matchCriteriaId\":\"F0F8C423-2E5C-4A50-AF7B-AC67C3771DD3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7694D0C-2CC6-4A6E-A251-5CBFC67D2AA9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.2.158\",\"matchCriteriaId\":\"9A60E332-CA18-4617-B7C1-4BE82470DE34\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1289BBB4-1955-46A4-B5FE-BF11153C24F5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.0.134\",\"matchCriteriaId\":\"208CF907-B3ED-4A7D-BA5B-16A00F44683D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5882095F-B22A-4937-BA08-6640140F10AE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.0.134\",\"matchCriteriaId\":\"74ED019D-C07A-44BE-BD3E-30885C748DDA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C63267D8-4632-4D14-B39C-BEEC62AD8F87\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.0.134\",\"matchCriteriaId\":\"34EB68F4-B710-47C9-A01B-A6361B185A19\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B2C00E1-4A23-4304-B92F-B7D9F4818D90\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.2.158\",\"matchCriteriaId\":\"374F6EAA-A607-4A8F-BA86-EA770BA99189\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F285D60D-A5DA-4467-8F79-15EF8135D007\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.0.134\",\"matchCriteriaId\":\"E02DD6E2-3A3E-4857-9761-1B40FFA4E755\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A88D2A3-3B22-4639-94E9-69CE80F37392\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.0.134\",\"matchCriteriaId\":\"E53DAB63-389B-4B73-8F75-231320DC71C8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1D4DF51-84EA-4296-9E06-CE5E1F4A53D1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.0.216\",\"matchCriteriaId\":\"D8DC1B77-994C-473C-AC97-7CC06341C607\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D140E3B-9AE5-473A-82DE-9B9DBAE4C34A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.1.232\",\"matchCriteriaId\":\"B4F00B47-FFC8-4D45-B49E-8347504A9A4C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D9781C9-799A-4BDA-A027-987627A01633\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.3.50\",\"matchCriteriaId\":\"37C80013-2E0F-459F-BE08-18D60B109AC0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"863E45EA-2DA0-4C9A-9B87-79E42B3FF97C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.2.80\",\"matchCriteriaId\":\"3A43D307-64B1-46BF-8237-75518D1703CC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17CF7445-6950-45FE-9D1A-E23F63316329\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.5.28\",\"matchCriteriaId\":\"01F57C27-EB5A-4F3E-ADF7-684DF8860DA2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F859165-8D89-4CDD-9D48-9C7923D2261F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.5.28\",\"matchCriteriaId\":\"8F67B805-17B5-4053-8399-0AFB2EF6E1D4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.2.104\",\"matchCriteriaId\":\"2135FFEC-0437-43C6-B146-3EF43E1B007B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5465A78-4826-4F72-9CBE-528CBF286A79\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.2.104\",\"matchCriteriaId\":\"5A413E57-A780-486E-AF85-EE460C99D696\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"783EEEE0-BB9A-4C54-82B2-046B1033091C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.2.104\",\"matchCriteriaId\":\"0E9B0ED1-3D84-44A6-BA37-E5F8D0EBCB10\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CD91050-5FE0-4810-8E6F-EF9B9B2F02E9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.2.104\",\"matchCriteriaId\":\"E19C965E-FA8D-4B42-BCB1-23788621DF45\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B801EC38-5B86-49F2-AB81-63F0F07A9BBE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"DAA4BD93-AE89-4506-936F-26C605685193\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6C9F31C-3E12-4787-9C9B-14883D9D152A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.2.104\",\"matchCriteriaId\":\"33146BAB-5A18-4A1F-BDD8-3BB33200CDB2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17D7D346-6F52-4473-A4EA-6059C177BF0F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"85AD5F45-F940-4FB5-B4D4-E44D816A3449\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"564B0FDF-7159-42EA-9CAA-BEF791274915\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC2B9C48-9FE6-462B-88EE-046F15E66430\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"998C6A17-5ADC-47F1-AF63-9B425143C086\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5604E66-E9CC-4B78-AF6A-2341B30E3594\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"252643DB-46F7-41E9-96E0-0669DD486E5F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1924FC8B-4031-4EA3-B214-AF6F77D94654\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.2.104\",\"matchCriteriaId\":\"1FBFA62B-2EBC-426A-98DC-235879902E72\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BA66D07-D017-49D6-8E72-5C48E940DE1B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.2.104\",\"matchCriteriaId\":\"66034CFD-1303-4B90-AF70-18B7EDBEFE32\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF03B2BB-34BB-4A0D-81CD-1841E524F885\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"237758B3-C096-465F-95C4-EB3F9835D91F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DADAA79-9A5C-4B6F-A58D-704ACD1C3334\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"217B0E6E-BCC9-4D12-ADD4-E2C65323018B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE5DBD66-9C2A-4EFF-87AB-03E791D584B5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"C8E13FC6-D0BF-4674-8A3B-FF5D81B15059\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9E20E59-2B1E-4E43-A494-2C20FD716D4F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.2.104\",\"matchCriteriaId\":\"82504AE8-4D6F-4A49-A611-FBFB303CD237\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2CAEA32-6934-4743-9E6B-22D52AC5E7F8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"41B066B3-37CD-4839-909B-A8EC636E5F11\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32BAB5C0-F645-4A90-833F-6345335FA1AF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"9CED8944-D61A-4FDA-A9DB-76CBED16F338\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"BDAE8049-9102-4B4A-A2CF-B6A2F638B4E3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FDCDE39-0355-43B9-BF57-F3718DA2988D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.2.104\",\"matchCriteriaId\":\"0484BCA5-6DD3-43B9-BB83-24B6BF99C4AA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BCFD959-D522-4FA0-AD01-2937DAEE1EDF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2.104\",\"matchCriteriaId\":\"56489CFF-D34F-4C66-B69B-FB2CE4333D75\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27F93A76-6EFF-4DA6-9129-4792E2C125D4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.3.2.114\",\"matchCriteriaId\":\"FF01111F-8A37-4366-A63E-210E6CE0DB0E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66B9CE4D-D1EC-4F55-8226-D159CF5F3AB6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.3.2.114\",\"matchCriteriaId\":\"4476F0C6-0A7D-4735-940C-F5C75316EEE9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.1.38\",\"matchCriteriaId\":\"1D92A0CE-769D-402F-8FD7-BDD8DF247CFD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E12892C8-5E01-49A6-BF47-09D630377093\"}]}]}],\"references\":[{\"url\":\"https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-263/\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-263/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

GSD-2021-27255

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-27255

Aliases

CVE-2021-27255

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-27255",
    "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360.",
    "id": "GSD-2021-27255"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-27255"
      ],
      "details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360.",
      "id": "GSD-2021-27255",
      "modified": "2023-12-13T01:23:36.139040Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "zdi-disclosures@trendmicro.com",
        "ID": "CVE-2021-27255",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "R7800",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware version 1.0.2.76"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "NETGEAR"
            }
          ]
        }
      },
      "credit": "STARLabs",
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360."
          }
        ]
      },
      "impact": {
        "cvss": {
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-306: Missing Authentication for Critical Function"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders",
            "refsource": "MISC",
            "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-263/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-263/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.10.0.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.10.0.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.0.1.60",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.0.1.98",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.0.1.98",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.0.0.134",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.0.2.158",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.0.0.134",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.0.0.134",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.0.0.134",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.0.2.158",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.0.0.134",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.0.0.134",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.0.0.216",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.0.1.232",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.6.3.50",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.0.2.80",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.0.5.28",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.0.5.28",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.7.2.104",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.7.2.104",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.7.2.104",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.7.2.104",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.6.2.104",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.7.2.104",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.6.2.104",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.6.2.104",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.6.2.104",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.6.2.104",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.7.2.104",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.7.2.104",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.6.2.104",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.6.2.104",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.6.2.104",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.7.2.104",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.6.2.104",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.6.2.104",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.6.2.104",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.7.2.104",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.6.2.104",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.3.2.114",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.3.2.114",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.0.1.38",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "zdi-disclosures@trendmicro.com",
          "ID": "CVE-2021-27255"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-306"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "N/A",
              "refsource": "N/A",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-263/"
            },
            {
              "name": "N/A",
              "refsource": "N/A",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-03-16T19:31Z",
      "publishedDate": "2021-03-05T20:15Z"
    }
  }
}

GHSA-H584-8P47-255W

Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-27255"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-05T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360.",
  "id": "GHSA-h584-8p47-255w",
  "modified": "2022-05-24T17:43:47Z",
  "published": "2022-05-24T17:43:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27255"
    },
    {
      "type": "WEB",
      "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-263"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-202103-0946

Vulnerability from variot - Updated: 2024-11-23 22:33

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "rbk53",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.7.2.104"
      },
      {
        "_id": null,
        "model": "r9000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "1.0.5.28"
      },
      {
        "_id": null,
        "model": "ex6250",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "1.0.0.134"
      },
      {
        "_id": null,
        "model": "r7800",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "1.0.2.80"
      },
      {
        "_id": null,
        "model": "rbr20",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.6.2.104"
      },
      {
        "_id": null,
        "model": "r8900",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "1.0.5.28"
      },
      {
        "_id": null,
        "model": "rbk20",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.6.2.104"
      },
      {
        "_id": null,
        "model": "rbk40",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.6.2.104"
      },
      {
        "_id": null,
        "model": "ex6400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "1.0.2.158"
      },
      {
        "_id": null,
        "model": "rbs50",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.7.2.104"
      },
      {
        "_id": null,
        "model": "rbs10",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.6.2.104"
      },
      {
        "_id": null,
        "model": "rbk12",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.7.2.104"
      },
      {
        "_id": null,
        "model": "rbs40",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.6.2.104"
      },
      {
        "_id": null,
        "model": "d7800",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "1.0.1.60"
      },
      {
        "_id": null,
        "model": "ex6420",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "1.0.0.134"
      },
      {
        "_id": null,
        "model": "ex7300",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "1.0.2.158"
      },
      {
        "_id": null,
        "model": "ex6400v2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "1.0.0.134"
      },
      {
        "_id": null,
        "model": "ex7320",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "1.0.0.134"
      },
      {
        "_id": null,
        "model": "rbr50",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.7.2.104"
      },
      {
        "_id": null,
        "model": "rbk13",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.7.2.104"
      },
      {
        "_id": null,
        "model": "rbk23",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.7.2.104"
      },
      {
        "_id": null,
        "model": "br200",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "5.10.0.5"
      },
      {
        "_id": null,
        "model": "rbk44",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.6.2.104"
      },
      {
        "_id": null,
        "model": "xr500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.3.2.114"
      },
      {
        "_id": null,
        "model": "lbr20",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.6.3.50"
      },
      {
        "_id": null,
        "model": "ex6150v2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "1.0.1.98"
      },
      {
        "_id": null,
        "model": "rbs20",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.6.2.104"
      },
      {
        "_id": null,
        "model": "ex6410",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "1.0.0.134"
      },
      {
        "_id": null,
        "model": "rbs50y",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.6.2.104"
      },
      {
        "_id": null,
        "model": "rbk50",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.7.2.104"
      },
      {
        "_id": null,
        "model": "xr450",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.3.2.114"
      },
      {
        "_id": null,
        "model": "br500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "5.10.0.5"
      },
      {
        "_id": null,
        "model": "rbk14",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.7.2.104"
      },
      {
        "_id": null,
        "model": "ex7300v2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "1.0.0.134"
      },
      {
        "_id": null,
        "model": "xr700",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "1.0.1.38"
      },
      {
        "_id": null,
        "model": "rbr40",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.6.2.104"
      },
      {
        "_id": null,
        "model": "ex6100v2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "1.0.1.98"
      },
      {
        "_id": null,
        "model": "rbk43",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.6.2.104"
      },
      {
        "_id": null,
        "model": "ex7700",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "1.0.0.216"
      },
      {
        "_id": null,
        "model": "rbr10",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.6.2.104"
      },
      {
        "_id": null,
        "model": "rbk43s",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.6.2.104"
      },
      {
        "_id": null,
        "model": "ex8000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "1.0.1.232"
      },
      {
        "_id": null,
        "model": "rbk15",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "2.7.2.104"
      },
      {
        "_id": null,
        "model": "ex6150v2",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
        "version": null
      },
      {
        "_id": null,
        "model": "ex6400v2",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
        "version": null
      },
      {
        "_id": null,
        "model": "ex6100v2",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
        "version": null
      },
      {
        "_id": null,
        "model": "d7800",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
        "version": null
      },
      {
        "_id": null,
        "model": "br200",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
        "version": null
      },
      {
        "_id": null,
        "model": "ex6250",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
        "version": null
      },
      {
        "_id": null,
        "model": "ex6420",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
        "version": null
      },
      {
        "_id": null,
        "model": "ex6410",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
        "version": null
      },
      {
        "_id": null,
        "model": "ex6400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
        "version": null
      },
      {
        "_id": null,
        "model": "br500",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
        "version": null
      },
      {
        "_id": null,
        "model": "r7800",
        "scope": null,
        "trust": 0.7,
        "vendor": "netgear",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-263"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004433"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27255"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "STARLabs",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-263"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2021-27255",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CVE-2021-27255",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2021-27255",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "zdi-disclosures@trendmicro.com",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2021-27255",
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-27255",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "ZDI",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2021-27255",
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-27255",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "zdi-disclosures@trendmicro.com",
            "id": "CVE-2021-27255",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-27255",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2021-27255",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-1751",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-263"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004433"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1751"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27255"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27255"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360. Zero Day Initiative To this vulnerability ZDI-CAN-12360 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-27255"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004433"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-263"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-27255",
        "trust": 3.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-263",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004433",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12360",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1751",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-263"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004433"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1751"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27255"
      }
    ]
  },
  "id": "VAR-202103-0946",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.26161140789473686
  },
  "last_update_date": "2024-11-23T22:33:06.689000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Security\u00a0Advisory\u00a0for\u00a0Multiple\u00a0Vulnerabilities\u00a0on\u00a0Some\u00a0Routers,\u00a0Satellites,\u00a0and\u00a0Extenders",
        "trust": 1.5,
        "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
      },
      {
        "title": "NETGEAR Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142982"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-263"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004433"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1751"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-306",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of authentication for important features (CWE-306) [ Other ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004433"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27255"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 3.0,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-263/"
      },
      {
        "trust": 2.3,
        "url": "https://kb.netgear.com/000062883/security-advisory-for-multiple-vulnerabilities-on-some-routers-satellites-and-extenders"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27255"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-263"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004433"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1751"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27255"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-21-263",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004433",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1751",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27255",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-02-26T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-263",
        "ident": null
      },
      {
        "date": "2021-11-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-004433",
        "ident": null
      },
      {
        "date": "2021-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-1751",
        "ident": null
      },
      {
        "date": "2021-03-05T20:15:12.457000",
        "db": "NVD",
        "id": "CVE-2021-27255",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-02-26T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-263",
        "ident": null
      },
      {
        "date": "2021-11-22T05:55:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-004433",
        "ident": null
      },
      {
        "date": "2021-03-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-1751",
        "ident": null
      },
      {
        "date": "2024-11-21T05:57:41.983000",
        "db": "NVD",
        "id": "CVE-2021-27255",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1751"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "NETGEAR\u00a0R7800\u00a0 Vulnerability regarding lack of authentication for important functions in firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004433"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-1751"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2021-27255

Vulnerability from fkie_nvd - Published: 2021-03-05 20:15 - Updated: 2024-11-21 05:57

Severity ?

8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
zdi-disclosures@trendmicro.com	https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders	Patch, Vendor Advisory
zdi-disclosures@trendmicro.com	https://www.zerodayinitiative.com/advisories/ZDI-21-263/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-263/	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
netgear	br200_firmware	*
netgear	br200	-
netgear	br500_firmware	*
netgear	br500	-
netgear	d7800_firmware	*
netgear	d7800	-
netgear	ex6100v2_firmware	*
netgear	ex6100v2	-
netgear	ex6150v2_firmware	*
netgear	ex6150v2	-
netgear	ex6250_firmware	*
netgear	ex6250	-
netgear	ex6400_firmware	*
netgear	ex6400	-
netgear	ex6400v2_firmware	*
netgear	ex6400v2	-
netgear	ex6410_firmware	*
netgear	ex6410	-
netgear	ex6420_firmware	*
netgear	ex6420	-
netgear	ex7300_firmware	*
netgear	ex7300	-
netgear	ex7300v2_firmware	*
netgear	ex7300v2	-
netgear	ex7320_firmware	*
netgear	ex7320	-
netgear	ex7700_firmware	*
netgear	ex7700	-
netgear	ex8000_firmware	*
netgear	ex8000	-
netgear	lbr20_firmware	*
netgear	lbr20	-
netgear	r7800_firmware	*
netgear	r7800	-
netgear	r8900_firmware	*
netgear	r8900	-
netgear	r9000_firmware	*
netgear	r9000	-
netgear	rbk12_firmware	*
netgear	rbk12	-
netgear	rbk13_firmware	*
netgear	rbk13	-
netgear	rbk14_firmware	*
netgear	rbk14	-
netgear	rbk15_firmware	*
netgear	rbk15	-
netgear	rbk20_firmware	*
netgear	rbk20	-
netgear	rbk23_firmware	*
netgear	rbk23	-
netgear	rbk40_firmware	*
netgear	rbk40	-
netgear	rbk43_firmware	*
netgear	rbk43	-
netgear	rbk43s_firmware	*
netgear	rbk43s	-
netgear	rbk44_firmware	*
netgear	rbk44	-
netgear	rbk50_firmware	*
netgear	rbk50	-
netgear	rbk53_firmware	*
netgear	rbk53	-
netgear	rbr10_firmware	*
netgear	rbr10	-
netgear	rbr20_firmware	*
netgear	rbr20	-
netgear	rbr40_firmware	*
netgear	rbr40	-
netgear	rbr50_firmware	*
netgear	rbr50	-
netgear	rbs10_firmware	*
netgear	rbs10	-
netgear	rbs20_firmware	*
netgear	rbs20	-
netgear	rbs40_firmware	*
netgear	rbs40	-
netgear	rbs50_firmware	*
netgear	rbs50	-
netgear	rbs50y_firmware	*
netgear	rbs50y	-
netgear	xr450_firmware	*
netgear	xr450	-
netgear	xr500_firmware	*
netgear	xr500	-
netgear	xr700_firmware	*
netgear	xr700	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9680E98E-021B-4C71-AAA0-AEF49C6AD95F",
              "versionEndExcluding": "5.10.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CED01605-09B9-417E-AE6F-1F62888A0C93",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89EDAF30-2238-495C-920F-F32CC17C046B",
              "versionEndExcluding": "5.10.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "261C0D85-C951-4F0C-B9C4-0E42B15834EE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CBD5FC4-2EF7-49A9-8F23-C9398441E7BD",
              "versionEndExcluding": "1.0.1.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA2D4987-3726-4A72-8D32-592F59FAC46D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53C5C134-0778-4098-B8B4-F9589516C297",
              "versionEndExcluding": "1.0.1.98",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DCFF79A-8ACE-455B-90F3-FFC745E8BAD4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "597D1ED8-FE6A-4325-83AB-5CA544CFA1AF",
              "versionEndExcluding": "1.0.1.98",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5828F04B-E373-4E4F-942D-08CCA038418C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F8C423-2E5C-4A50-AF7B-AC67C3771DD3",
              "versionEndExcluding": "1.0.0.134",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7694D0C-2CC6-4A6E-A251-5CBFC67D2AA9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A60E332-CA18-4617-B7C1-4BE82470DE34",
              "versionEndExcluding": "1.0.2.158",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1289BBB4-1955-46A4-B5FE-BF11153C24F5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "208CF907-B3ED-4A7D-BA5B-16A00F44683D",
              "versionEndExcluding": "1.0.0.134",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5882095F-B22A-4937-BA08-6640140F10AE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74ED019D-C07A-44BE-BD3E-30885C748DDA",
              "versionEndExcluding": "1.0.0.134",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C63267D8-4632-4D14-B39C-BEEC62AD8F87",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34EB68F4-B710-47C9-A01B-A6361B185A19",
              "versionEndExcluding": "1.0.0.134",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B2C00E1-4A23-4304-B92F-B7D9F4818D90",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "374F6EAA-A607-4A8F-BA86-EA770BA99189",
              "versionEndExcluding": "1.0.2.158",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F285D60D-A5DA-4467-8F79-15EF8135D007",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E02DD6E2-3A3E-4857-9761-1B40FFA4E755",
              "versionEndExcluding": "1.0.0.134",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A88D2A3-3B22-4639-94E9-69CE80F37392",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E53DAB63-389B-4B73-8F75-231320DC71C8",
              "versionEndExcluding": "1.0.0.134",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1D4DF51-84EA-4296-9E06-CE5E1F4A53D1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8DC1B77-994C-473C-AC97-7CC06341C607",
              "versionEndExcluding": "1.0.0.216",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D140E3B-9AE5-473A-82DE-9B9DBAE4C34A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4F00B47-FFC8-4D45-B49E-8347504A9A4C",
              "versionEndExcluding": "1.0.1.232",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D9781C9-799A-4BDA-A027-987627A01633",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C80013-2E0F-459F-BE08-18D60B109AC0",
              "versionEndExcluding": "2.6.3.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A43D307-64B1-46BF-8237-75518D1703CC",
              "versionEndExcluding": "1.0.2.80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17CF7445-6950-45FE-9D1A-E23F63316329",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01F57C27-EB5A-4F3E-ADF7-684DF8860DA2",
              "versionEndExcluding": "1.0.5.28",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F859165-8D89-4CDD-9D48-9C7923D2261F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F67B805-17B5-4053-8399-0AFB2EF6E1D4",
              "versionEndExcluding": "1.0.5.28",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2135FFEC-0437-43C6-B146-3EF43E1B007B",
              "versionEndExcluding": "2.7.2.104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5465A78-4826-4F72-9CBE-528CBF286A79",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A413E57-A780-486E-AF85-EE460C99D696",
              "versionEndExcluding": "2.7.2.104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "783EEEE0-BB9A-4C54-82B2-046B1033091C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E9B0ED1-3D84-44A6-BA37-E5F8D0EBCB10",
              "versionEndExcluding": "2.7.2.104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CD91050-5FE0-4810-8E6F-EF9B9B2F02E9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E19C965E-FA8D-4B42-BCB1-23788621DF45",
              "versionEndExcluding": "2.7.2.104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B801EC38-5B86-49F2-AB81-63F0F07A9BBE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAA4BD93-AE89-4506-936F-26C605685193",
              "versionEndExcluding": "2.6.2.104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C9F31C-3E12-4787-9C9B-14883D9D152A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33146BAB-5A18-4A1F-BDD8-3BB33200CDB2",
              "versionEndExcluding": "2.7.2.104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D7D346-6F52-4473-A4EA-6059C177BF0F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85AD5F45-F940-4FB5-B4D4-E44D816A3449",
              "versionEndExcluding": "2.6.2.104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "564B0FDF-7159-42EA-9CAA-BEF791274915",
              "versionEndExcluding": "2.6.2.104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC2B9C48-9FE6-462B-88EE-046F15E66430",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "998C6A17-5ADC-47F1-AF63-9B425143C086",
              "versionEndExcluding": "2.6.2.104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5604E66-E9CC-4B78-AF6A-2341B30E3594",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "252643DB-46F7-41E9-96E0-0669DD486E5F",
              "versionEndExcluding": "2.6.2.104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1924FC8B-4031-4EA3-B214-AF6F77D94654",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FBFA62B-2EBC-426A-98DC-235879902E72",
              "versionEndExcluding": "2.7.2.104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA66D07-D017-49D6-8E72-5C48E940DE1B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66034CFD-1303-4B90-AF70-18B7EDBEFE32",
              "versionEndExcluding": "2.7.2.104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF03B2BB-34BB-4A0D-81CD-1841E524F885",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "237758B3-C096-465F-95C4-EB3F9835D91F",
              "versionEndExcluding": "2.6.2.104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "217B0E6E-BCC9-4D12-ADD4-E2C65323018B",
              "versionEndExcluding": "2.6.2.104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8E13FC6-D0BF-4674-8A3B-FF5D81B15059",
              "versionEndExcluding": "2.6.2.104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9E20E59-2B1E-4E43-A494-2C20FD716D4F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82504AE8-4D6F-4A49-A611-FBFB303CD237",
              "versionEndExcluding": "2.7.2.104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41B066B3-37CD-4839-909B-A8EC636E5F11",
              "versionEndExcluding": "2.6.2.104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32BAB5C0-F645-4A90-833F-6345335FA1AF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CED8944-D61A-4FDA-A9DB-76CBED16F338",
              "versionEndExcluding": "2.6.2.104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDAE8049-9102-4B4A-A2CF-B6A2F638B4E3",
              "versionEndExcluding": "2.6.2.104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FDCDE39-0355-43B9-BF57-F3718DA2988D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0484BCA5-6DD3-43B9-BB83-24B6BF99C4AA",
              "versionEndExcluding": "2.7.2.104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "56489CFF-D34F-4C66-B69B-FB2CE4333D75",
              "versionEndExcluding": "2.6.2.104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "27F93A76-6EFF-4DA6-9129-4792E2C125D4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF01111F-8A37-4366-A63E-210E6CE0DB0E",
              "versionEndExcluding": "2.3.2.114",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "66B9CE4D-D1EC-4F55-8226-D159CF5F3AB6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4476F0C6-0A7D-4735-940C-F5C75316EEE9",
              "versionEndExcluding": "2.3.2.114",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D92A0CE-769D-402F-8FD7-BDD8DF247CFD",
              "versionEndExcluding": "1.0.1.38",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E12892C8-5E01-49A6-BF47-09D630377093",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360."
    },
    {
      "lang": "es",
      "value": "Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de NETGEAR R7800 versi\u00f3n de firmware 1.0.2.76.\u0026#xa0;No es requerida una autenticaci\u00f3n para explotar esta vulnerabilidad.\u0026#xa0;El fallo espec\u00edfico se presenta dentro del endpoint refresh_status.aspx.\u0026#xa0;El problema resulta de la falta de autenticaci\u00f3n necesaria para iniciar un servicio en el servidor.\u0026#xa0;Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de root.\u0026#xa0;Era ZDI-CAN-12360"
    }
  ],
  "id": "CVE-2021-27255",
  "lastModified": "2024-11-21T05:57:41.983",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "zdi-disclosures@trendmicro.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-05T20:15:12.457",
  "references": [
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
    },
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-263/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-263/"
    }
  ],
  "sourceIdentifier": "zdi-disclosures@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "zdi-disclosures@trendmicro.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-27255 (GCVE-0-2021-27255)

GSD-2021-27255

GHSA-H584-8P47-255W

VAR-202103-0946

FKIE_CVE-2021-27255

Tags

Sightings

Nomenclature