{"containers": {"cna": {"affected": [{"product": "R7800", "vendor": "NETGEAR", "versions": [{"status": "affected", "version": "firmware version 1.0.2.76"}]}], "credits": [{"lang": "en", "value": "atdog (@atdog_tw)"}], "descriptions": [{"lang": "en", "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-14T15:45:57", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-248/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "zdi-disclosures@trendmicro.com", "ID": "CVE-2021-27252", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "R7800", "version": {"version_data": [{"version_value": "firmware version 1.0.2.76"}]}}]}, "vendor_name": "NETGEAR"}]}}, "credit": "atdog (@atdog_tw)", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216."}]}, "impact": {"cvss": {"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}]}, "references": {"reference_data": [{"name": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders", "refsource": "MISC", "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-248/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-248/"}]}}}}, "cveMetadata": {"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2021-27252", "datePublished": "2021-04-14T15:45:57", "dateReserved": "2021-02-16T00:00:00", "dateUpdated": "2021-04-14T15:45:57", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9680E98E-021B-4C71-AAA0-AEF49C6AD95F", "versionEndExcluding": "5.10.0.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*", "matchCriteriaId": "CED01605-09B9-417E-AE6F-1F62888A0C93", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "89EDAF30-2238-495C-920F-F32CC17C046B", "versionEndExcluding": "5.10.0.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*", "matchCriteriaId": "261C0D85-C951-4F0C-B9C4-0E42B15834EE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CBD5FC4-2EF7-49A9-8F23-C9398441E7BD", "versionEndExcluding": "1.0.1.60", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*", "matchCriteriaId": "DA2D4987-3726-4A72-8D32-592F59FAC46D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "53C5C134-0778-4098-B8B4-F9589516C297", "versionEndExcluding": "1.0.1.98", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*", "matchCriteriaId": "88DD070C-7CBD-48A5-8D77-7C3D1C502D65", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EF79426-64C8-4FAB-A199-AB7CB82FCD53", "versionEndExcluding": "1.0.1.98", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*", "matchCriteriaId": "49846803-C6FB-4DD3-ADA7-78B9923536F2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0F8C423-2E5C-4A50-AF7B-AC67C3771DD3", "versionEndExcluding": "1.0.0.134", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7694D0C-2CC6-4A6E-A251-5CBFC67D2AA9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A60E332-CA18-4617-B7C1-4BE82470DE34", "versionEndExcluding": "1.0.2.158", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*", "matchCriteriaId": "1289BBB4-1955-46A4-B5FE-BF11153C24F5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "208CF907-B3ED-4A7D-BA5B-16A00F44683D", "versionEndExcluding": "1.0.0.134", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex6400:v2:*:*:*:*:*:*:*", "matchCriteriaId": "946947C2-E4B2-4984-9233-4D4890E1BE07", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "74ED019D-C07A-44BE-BD3E-30885C748DDA", "versionEndExcluding": "1.0.0.134", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*", "matchCriteriaId": "C63267D8-4632-4D14-B39C-BEEC62AD8F87", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "34EB68F4-B710-47C9-A01B-A6361B185A19", "versionEndExcluding": "1.0.0.134", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B2C00E1-4A23-4304-B92F-B7D9F4818D90", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "374F6EAA-A607-4A8F-BA86-EA770BA99189", "versionEndExcluding": "1.0.2.158", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*", "matchCriteriaId": "F285D60D-A5DA-4467-8F79-15EF8135D007", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E02DD6E2-3A3E-4857-9761-1B40FFA4E755", "versionEndExcluding": "1.0.0.134", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex7300:v2:*:*:*:*:*:*:*", "matchCriteriaId": "A44B9FAB-7EC4-4B2B-B3E5-A372645AE661", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E53DAB63-389B-4B73-8F75-231320DC71C8", "versionEndExcluding": "1.0.0.134", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1D4DF51-84EA-4296-9E06-CE5E1F4A53D1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8DC1B77-994C-473C-AC97-7CC06341C607", "versionEndExcluding": "1.0.0.216", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D140E3B-9AE5-473A-82DE-9B9DBAE4C34A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4F00B47-FFC8-4D45-B49E-8347504A9A4C", "versionEndExcluding": "1.0.1.232", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*", "matchCriteriaId": "8D9781C9-799A-4BDA-A027-987627A01633", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "37C80013-2E0F-459F-BE08-18D60B109AC0", "versionEndExcluding": "2.6.3.50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", "matchCriteriaId": "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A43D307-64B1-46BF-8237-75518D1703CC", "versionEndExcluding": "1.0.2.80", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", "matchCriteriaId": "17CF7445-6950-45FE-9D1A-E23F63316329", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "01F57C27-EB5A-4F3E-ADF7-684DF8860DA2", "versionEndExcluding": "1.0.5.28", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F859165-8D89-4CDD-9D48-9C7923D2261F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F67B805-17B5-4053-8399-0AFB2EF6E1D4", "versionEndExcluding": "1.0.5.28", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", "matchCriteriaId": "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2135FFEC-0437-43C6-B146-3EF43E1B007B", "versionEndExcluding": "2.7.2.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5465A78-4826-4F72-9CBE-528CBF286A79", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A413E57-A780-486E-AF85-EE460C99D696", "versionEndExcluding": "2.7.2.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*", "matchCriteriaId": "783EEEE0-BB9A-4C54-82B2-046B1033091C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E9B0ED1-3D84-44A6-BA37-E5F8D0EBCB10", "versionEndExcluding": "2.7.2.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*", "matchCriteriaId": "4CD91050-5FE0-4810-8E6F-EF9B9B2F02E9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E19C965E-FA8D-4B42-BCB1-23788621DF45", "versionEndExcluding": "2.7.2.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*", "matchCriteriaId": "B801EC38-5B86-49F2-AB81-63F0F07A9BBE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DAA4BD93-AE89-4506-936F-26C605685193", "versionEndExcluding": "2.6.2.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6C9F31C-3E12-4787-9C9B-14883D9D152A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "33146BAB-5A18-4A1F-BDD8-3BB33200CDB2", "versionEndExcluding": "2.7.2.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*", "matchCriteriaId": "17D7D346-6F52-4473-A4EA-6059C177BF0F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "85AD5F45-F940-4FB5-B4D4-E44D816A3449", "versionEndExcluding": "2.6.2.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*", "matchCriteriaId": "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "564B0FDF-7159-42EA-9CAA-BEF791274915", "versionEndExcluding": "2.6.2.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC2B9C48-9FE6-462B-88EE-046F15E66430", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "998C6A17-5ADC-47F1-AF63-9B425143C086", "versionEndExcluding": "2.6.2.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5604E66-E9CC-4B78-AF6A-2341B30E3594", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "252643DB-46F7-41E9-96E0-0669DD486E5F", "versionEndExcluding": "2.6.2.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*", "matchCriteriaId": "1924FC8B-4031-4EA3-B214-AF6F77D94654", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FBFA62B-2EBC-426A-98DC-235879902E72", "versionEndExcluding": "2.7.2.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*", "matchCriteriaId": "8BA66D07-D017-49D6-8E72-5C48E940DE1B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "66034CFD-1303-4B90-AF70-18B7EDBEFE32", "versionEndExcluding": "2.7.2.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF03B2BB-34BB-4A0D-81CD-1841E524F885", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "237758B3-C096-465F-95C4-EB3F9835D91F", "versionEndExcluding": "2.6.2.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "217B0E6E-BCC9-4D12-ADD4-E2C65323018B", "versionEndExcluding": "2.6.2.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8E13FC6-D0BF-4674-8A3B-FF5D81B15059", "versionEndExcluding": "2.6.2.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9E20E59-2B1E-4E43-A494-2C20FD716D4F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "82504AE8-4D6F-4A49-A611-FBFB303CD237", "versionEndExcluding": "2.7.2.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "41B066B3-37CD-4839-909B-A8EC636E5F11", "versionEndExcluding": "2.6.2.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", "matchCriteriaId": "32BAB5C0-F645-4A90-833F-6345335FA1AF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CED8944-D61A-4FDA-A9DB-76CBED16F338", "versionEndExcluding": "2.6.2.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", "matchCriteriaId": "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BDAE8049-9102-4B4A-A2CF-B6A2F638B4E3", "versionEndExcluding": "2.6.2.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FDCDE39-0355-43B9-BF57-F3718DA2988D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0484BCA5-6DD3-43B9-BB83-24B6BF99C4AA", "versionEndExcluding": "2.7.2.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "56489CFF-D34F-4C66-B69B-FB2CE4333D75", "versionEndExcluding": "2.6.2.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*", "matchCriteriaId": "27F93A76-6EFF-4DA6-9129-4792E2C125D4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF01111F-8A37-4366-A63E-210E6CE0DB0E", "versionEndExcluding": "2.3.2.114", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*", "matchCriteriaId": "66B9CE4D-D1EC-4F55-8226-D159CF5F3AB6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4476F0C6-0A7D-4735-940C-F5C75316EEE9", "versionEndExcluding": "2.3.2.114", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D92A0CE-769D-402F-8FD7-BDD8DF247CFD", "versionEndExcluding": "1.0.1.38", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*", "matchCriteriaId": "E12892C8-5E01-49A6-BF47-09D630377093", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216."}, {"lang": "es", "value": "Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de NETGEAR R7800 versiones de firmware 1.0.2.76. No es requerida una autenticaci\u00f3n para explotar esta vulnerabilidad. El fallo espec\u00edfico se presenta dentro del manejo del c\u00f3digo de operaci\u00f3n DHCP espec\u00edfico del proveedor. El problema resulta de una falta de comprobaci\u00f3n apropiada de una cadena suministrada por el usuario antes de usarla para ejecutar una llamada al sistema. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de root. Era ZDI-CAN-12216"}], "id": "CVE-2021-27252", "lastModified": "2021-04-27T14:49:52.450", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-14T16:15:13.737", "references": [{"source": "zdi-disclosures@trendmicro.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"}, {"source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-248/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "zdi-disclosures@trendmicro.com", "type": "Primary"}]}

{}