This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via FTP. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-12362.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:A/AC:L/Au:N/C:N/I:P/A:N
Vendors Products
Netgear
  • Rbk20
  • R9000
  • Br200 Firmware
  • Ex6150v2
  • Ex7320
  • Rbs10
  • Xr450 Firmware
  • Rbr20 Firmware
  • R7800 Firmware
  • R8900
  • Ex6250
  • Rbs10 Firmware
  • Rbs50
  • Ex6150v2 Firmware
  • Ex7320 Firmware
  • Rbk43
  • Rbk12
  • Rbk40 Firmware
  • Rbk44
  • Br500 Firmware
  • Ex6250 Firmware
  • Rbk44 Firmware
  • Rbs50y
  • Rbs50 Firmware
  • Ex7700
  • Rbk12 Firmware
  • Rbs50y Firmware
  • Ex8000 Firmware
  • Ex6400
  • Ex6400v2 Firmware
  • Ex6400v2
  • Br500
  • Lbr20
  • Rbk15
  • Rbk14
  • R9000 Firmware
  • Ex6410
  • Rbs40
  • Rbk13 Firmware
  • D7800 Firmware
  • Rbk23 Firmware
  • Rbk43 Firmware
  • Ex6400 Firmware
  • Rbk53 Firmware
  • Rbr10
  • Rbk13
  • Ex8000
  • Lbr20 Firmware
  • Rbk23
  • Rbk50
  • Rbr50
  • Ex6420 Firmware
  • Ex7300
  • Rbk43s
  • Rbk50 Firmware
  • Ex7300v2
  • Rbk14 Firmware
  • Ex6100v2 Firmware
  • Ex6100v2
  • Xr700
  • Xr500 Firmware
  • Ex6420
  • Rbr10 Firmware
  • Rbs20 Firmware
  • Rbr20
  • Xr700 Firmware
  • D7800
  • Rbr40 Firmware
  • Rbk53
  • Rbr40
  • Br200
  • Rbr50 Firmware
  • R7800
  • Ex7300 Firmware
  • Ex6410 Firmware
  • Xr450
  • Rbs20
  • Rbk15 Firmware
  • Rbk20 Firmware
  • Xr500
  • Ex7700 Firmware
  • R8900 Firmware
  • Rbk43s Firmware
  • Rbk40
  • Rbs40 Firmware
  • Ex7300v2 Firmware

Configuration 1 [-]

AND
cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND
cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND
cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND
cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND
cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND
cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND
cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND
cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND
cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND
cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND
cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND
cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND
cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND
cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND
cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND
cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND
cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND
cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND
cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND
cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND
cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND
cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND
cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*
References
Link Resource
https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders Patch Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-264/ Third Party Advisory VDB Entry
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: zdi

Published: 2021-03-05T20:00:26

Updated: 2021-03-05T20:00:26

Reserved: 2021-02-16T00:00:00

Link: CVE-2021-27257

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-03-05T20:15:12.660

Modified: 2021-03-17T14:04:45.537

Link: CVE-2021-27257

JSON object: View

cve-icon Redhat Information

No data.

CWE