Vulnerability Details CVE-2021-27256
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 8.3
References
- https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders
- https://www.zerodayinitiative.com/advisories/ZDI-21-262/
- https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders
- https://www.zerodayinitiative.com/advisories/ZDI-21-262/
Products affected by CVE-2021-27256
-
cpe:2.3:h:netgear:br200:-
-
cpe:2.3:h:netgear:br500:-
-
cpe:2.3:h:netgear:d7800:-
-
cpe:2.3:h:netgear:ex6100v2:-
-
cpe:2.3:h:netgear:ex6150v2:-
-
cpe:2.3:h:netgear:ex6250:-
-
cpe:2.3:h:netgear:ex6400:-
-
cpe:2.3:h:netgear:ex6400v2:-
-
cpe:2.3:h:netgear:ex6410:-
-
cpe:2.3:h:netgear:ex6420:-
-
cpe:2.3:h:netgear:ex7300:-
-
cpe:2.3:h:netgear:ex7300v2:-
-
cpe:2.3:h:netgear:ex7320:-
-
cpe:2.3:h:netgear:ex7700:-
-
cpe:2.3:h:netgear:ex8000:-
-
cpe:2.3:h:netgear:lbr20:-
-
cpe:2.3:h:netgear:r7800:-
-
cpe:2.3:h:netgear:r8900:-
-
cpe:2.3:h:netgear:r9000:-
-
cpe:2.3:h:netgear:rbk12:-
-
cpe:2.3:h:netgear:rbk13:-
-
cpe:2.3:h:netgear:rbk14:-
-
cpe:2.3:h:netgear:rbk15:-
-
cpe:2.3:h:netgear:rbk20:-
-
cpe:2.3:h:netgear:rbk23:-
-
cpe:2.3:h:netgear:rbk40:-
-
cpe:2.3:h:netgear:rbk43:-
-
cpe:2.3:h:netgear:rbk43s:-
-
cpe:2.3:h:netgear:rbk44:-
-
cpe:2.3:h:netgear:rbk50:-
-
cpe:2.3:h:netgear:rbk53:-
-
cpe:2.3:h:netgear:rbr10:-
-
cpe:2.3:h:netgear:rbr20:-
-
cpe:2.3:h:netgear:rbr40:-
-
cpe:2.3:h:netgear:rbr50:-
-
cpe:2.3:h:netgear:rbs10:-
-
cpe:2.3:h:netgear:rbs20:-
-
cpe:2.3:h:netgear:rbs40:-
-
cpe:2.3:h:netgear:rbs50:-
-
cpe:2.3:h:netgear:rbs50y:-
-
cpe:2.3:h:netgear:xr450:-
-
cpe:2.3:h:netgear:xr500:-
-
cpe:2.3:h:netgear:xr700:-
-
cpe:2.3:o:netgear:br200_firmware:*
-
cpe:2.3:o:netgear:br500_firmware:*
-
cpe:2.3:o:netgear:d7800_firmware:-
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.22
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.24
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.28
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.30
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.31
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.34
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.40
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.42
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.44
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.47
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.56
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.58
-
cpe:2.3:o:netgear:ex6100v2_firmware:1.0.1.76
-
cpe:2.3:o:netgear:ex6100v2_firmware:1.0.1.94
-
cpe:2.3:o:netgear:ex6150v2_firmware:1.0.1.76
-
cpe:2.3:o:netgear:ex6150v2_firmware:1.0.1.94
-
cpe:2.3:o:netgear:ex6250_firmware:-
-
cpe:2.3:o:netgear:ex6250_firmware:1.0.0.128
-
cpe:2.3:o:netgear:ex6250_firmware:1.0.0.132
-
cpe:2.3:o:netgear:ex6400_firmware:-
-
cpe:2.3:o:netgear:ex6400_firmware:1.0.0.132
-
cpe:2.3:o:netgear:ex6400_firmware:1.0.1.60
-
cpe:2.3:o:netgear:ex6400_firmware:1.0.1.72
-
cpe:2.3:o:netgear:ex6400_firmware:1.0.1.78
-
cpe:2.3:o:netgear:ex6400_firmware:1.0.2.136
-
cpe:2.3:o:netgear:ex6400_firmware:1.0.2.140
-
cpe:2.3:o:netgear:ex6400_firmware:1.0.2.152
-
cpe:2.3:o:netgear:ex6400v2_firmware:1.0.0.128
-
cpe:2.3:o:netgear:ex6410_firmware:-
-
cpe:2.3:o:netgear:ex6410_firmware:1.0.0.128
-
cpe:2.3:o:netgear:ex6410_firmware:1.0.0.132
-
cpe:2.3:o:netgear:ex6420_firmware:-
-
cpe:2.3:o:netgear:ex6420_firmware:1.0.0.132
-
cpe:2.3:o:netgear:ex7300_firmware:-
-
cpe:2.3:o:netgear:ex7300_firmware:1.0.1
-
cpe:2.3:o:netgear:ex7300_firmware:1.0.1.60
-
cpe:2.3:o:netgear:ex7300_firmware:1.0.1.62
-
cpe:2.3:o:netgear:ex7300_firmware:1.0.1.72
-
cpe:2.3:o:netgear:ex7300_firmware:1.0.1.78
-
cpe:2.3:o:netgear:ex7300_firmware:1.0.2.136
-
cpe:2.3:o:netgear:ex7300_firmware:1.0.2.140
-
cpe:2.3:o:netgear:ex7300_firmware:1.0.2.152
-
cpe:2.3:o:netgear:ex7300v2_firmware:1.0.0.128
-
cpe:2.3:o:netgear:ex7320_firmware:-
-
cpe:2.3:o:netgear:ex7320_firmware:1.0.0.128
-
cpe:2.3:o:netgear:ex7700_firmware:-
-
cpe:2.3:o:netgear:ex7700_firmware:1.0.0.210
-
cpe:2.3:o:netgear:ex8000_firmware:-
-
cpe:2.3:o:netgear:ex8000_firmware:1.0.0.102
-
cpe:2.3:o:netgear:ex8000_firmware:1.0.0.114
-
cpe:2.3:o:netgear:ex8000_firmware:1.0.0.118
-
cpe:2.3:o:netgear:ex8000_firmware:1.0.1.180
-
cpe:2.3:o:netgear:ex8000_firmware:1.0.1.186
-
cpe:2.3:o:netgear:ex8000_firmware:1.0.1.224
-
cpe:2.3:o:netgear:lbr20_firmware:*
-
cpe:2.3:o:netgear:r7800_firmware:-
-
cpe:2.3:o:netgear:r7800_firmware:1.0.1.30
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.16
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.28
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.30
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.32
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.36
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.38
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.40
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.42
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.44
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.46
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.52
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.58
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.60
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.62
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.68
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.74
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.78
-
cpe:2.3:o:netgear:r8900_firmware:-
-
cpe:2.3:o:netgear:r8900_firmware:1.0.2.60
-
cpe:2.3:o:netgear:r8900_firmware:1.0.3.10
-
cpe:2.3:o:netgear:r8900_firmware:1.0.3.6
-
cpe:2.3:o:netgear:r8900_firmware:1.0.4.12
-
cpe:2.3:o:netgear:r8900_firmware:1.0.4.2
-
cpe:2.3:o:netgear:r8900_firmware:1.0.4.26
-
cpe:2.3:o:netgear:r8900_firmware:1.0.4.28
-
cpe:2.3:o:netgear:r8900_firmware:1.0.5.18
-
cpe:2.3:o:netgear:r8900_firmware:1.0.5.2
-
cpe:2.3:o:netgear:r8900_firmware:1.0.5.24
-
cpe:2.3:o:netgear:r8900_firmware:1.0.5.26
-
cpe:2.3:o:netgear:r9000_firmware:-
-
cpe:2.3:o:netgear:r9000_firmware:1.0.2.30
-
cpe:2.3:o:netgear:r9000_firmware:1.0.2.4
-
cpe:2.3:o:netgear:r9000_firmware:1.0.2.40
-
cpe:2.3:o:netgear:r9000_firmware:1.0.2.52
-
cpe:2.3:o:netgear:r9000_firmware:1.0.3.10
-
cpe:2.3:o:netgear:r9000_firmware:1.0.3.16
-
cpe:2.3:o:netgear:r9000_firmware:1.0.3.6
-
cpe:2.3:o:netgear:r9000_firmware:1.0.4.12
-
cpe:2.3:o:netgear:r9000_firmware:1.0.4.2
-
cpe:2.3:o:netgear:r9000_firmware:1.0.4.26
-
cpe:2.3:o:netgear:r9000_firmware:1.0.4.28
-
cpe:2.3:o:netgear:r9000_firmware:1.0.4.8
-
cpe:2.3:o:netgear:r9000_firmware:1.0.5.18
-
cpe:2.3:o:netgear:r9000_firmware:1.0.5.2
-
cpe:2.3:o:netgear:r9000_firmware:1.0.5.24
-
cpe:2.3:o:netgear:r9000_firmware:1.0.5.26
-
cpe:2.3:o:netgear:rbk12_firmware:-
-
cpe:2.3:o:netgear:rbk12_firmware:2.6.1.44
-
cpe:2.3:o:netgear:rbk13_firmware:2.6.1.44
-
cpe:2.3:o:netgear:rbk14_firmware:2.6.1.44
-
cpe:2.3:o:netgear:rbk15_firmware:2.6.1.44
-
cpe:2.3:o:netgear:rbk20_firmware:-
-
cpe:2.3:o:netgear:rbk20_firmware:2.3.0.22
-
cpe:2.3:o:netgear:rbk20_firmware:2.3.0.28
-
cpe:2.3:o:netgear:rbk20_firmware:2.3.5.26
-
cpe:2.3:o:netgear:rbk20_firmware:2.5.1.16
-
cpe:2.3:o:netgear:rbk20_firmware:2.6.1.38
-
cpe:2.3:o:netgear:rbk23_firmware:*
-
cpe:2.3:o:netgear:rbk40_firmware:-
-
cpe:2.3:o:netgear:rbk40_firmware:2.1.4.10
-
cpe:2.3:o:netgear:rbk40_firmware:2.3.0.22
-
cpe:2.3:o:netgear:rbk40_firmware:2.3.0.28
-
cpe:2.3:o:netgear:rbk40_firmware:2.3.5.30
-
cpe:2.3:o:netgear:rbk40_firmware:2.5.1.16
-
cpe:2.3:o:netgear:rbk40_firmware:2.6.1.38
-
cpe:2.3:o:netgear:rbk43_firmware:*
-
cpe:2.3:o:netgear:rbk43s_firmware:*
-
cpe:2.3:o:netgear:rbk44_firmware:*
-
cpe:2.3:o:netgear:rbk50_firmware:-
-
cpe:2.3:o:netgear:rbk50_firmware:2.1.4.10
-
cpe:2.3:o:netgear:rbk50_firmware:2.3.0.22
-
cpe:2.3:o:netgear:rbk50_firmware:2.3.0.32
-
cpe:2.3:o:netgear:rbk50_firmware:2.3.5.30
-
cpe:2.3:o:netgear:rbk50_firmware:2.5.1.16
-
cpe:2.3:o:netgear:rbk50_firmware:2.6.1.40
-
cpe:2.3:o:netgear:rbk50_firmware:2.7.2.102
-
cpe:2.3:o:netgear:rbk53_firmware:*
-
cpe:2.3:o:netgear:rbr10_firmware:2.6.1.44
-
cpe:2.3:o:netgear:rbr20_firmware:-
-
cpe:2.3:o:netgear:rbr20_firmware:2.3.0.22
-
cpe:2.3:o:netgear:rbr20_firmware:2.3.0.28
-
cpe:2.3:o:netgear:rbr20_firmware:2.3.5.26
-
cpe:2.3:o:netgear:rbr20_firmware:2.5.1.16
-
cpe:2.3:o:netgear:rbr20_firmware:2.6.1.36
-
cpe:2.3:o:netgear:rbr40_firmware:-
-
cpe:2.3:o:netgear:rbr40_firmware:2.3.0.28
-
cpe:2.3:o:netgear:rbr40_firmware:2.3.5.30
-
cpe:2.3:o:netgear:rbr40_firmware:2.5.1.16
-
cpe:2.3:o:netgear:rbr40_firmware:2.6.1.36
-
cpe:2.3:o:netgear:rbr40_firmware:2.6.1.38
-
cpe:2.3:o:netgear:rbr50_firmware:-
-
cpe:2.3:o:netgear:rbr50_firmware:2.3.0.22
-
cpe:2.3:o:netgear:rbr50_firmware:2.3.0.32
-
cpe:2.3:o:netgear:rbr50_firmware:2.3.5.30
-
cpe:2.3:o:netgear:rbr50_firmware:2.5.1.16
-
cpe:2.3:o:netgear:rbr50_firmware:2.6.1.40
-
cpe:2.3:o:netgear:rbr50_firmware:2.7.2.102
-
cpe:2.3:o:netgear:rbs10_firmware:2.6.1.44
-
cpe:2.3:o:netgear:rbs20_firmware:-
-
cpe:2.3:o:netgear:rbs20_firmware:2.3.0.22
-
cpe:2.3:o:netgear:rbs20_firmware:2.3.0.28
-
cpe:2.3:o:netgear:rbs20_firmware:2.3.5.26
-
cpe:2.3:o:netgear:rbs20_firmware:2.5.1.16
-
cpe:2.3:o:netgear:rbs20_firmware:2.6.1.38
-
cpe:2.3:o:netgear:rbs40_firmware:-
-
cpe:2.3:o:netgear:rbs40_firmware:2.1.4.10
-
cpe:2.3:o:netgear:rbs40_firmware:2.3.0.22
-
cpe:2.3:o:netgear:rbs40_firmware:2.3.0.28
-
cpe:2.3:o:netgear:rbs40_firmware:2.3.5.30
-
cpe:2.3:o:netgear:rbs40_firmware:2.5.1.16
-
cpe:2.3:o:netgear:rbs40_firmware:2.6.1.38
-
cpe:2.3:o:netgear:rbs50_firmware:-
-
cpe:2.3:o:netgear:rbs50_firmware:2.1.4.10
-
cpe:2.3:o:netgear:rbs50_firmware:2.3.0.22
-
cpe:2.3:o:netgear:rbs50_firmware:2.3.0.32
-
cpe:2.3:o:netgear:rbs50_firmware:2.3.5.30
-
cpe:2.3:o:netgear:rbs50_firmware:2.5.1.16
-
cpe:2.3:o:netgear:rbs50_firmware:2.6.1.40
-
cpe:2.3:o:netgear:rbs50_firmware:2.7.2.102
-
cpe:2.3:o:netgear:rbs50y_firmware:1.0.0.56
-
cpe:2.3:o:netgear:rbs50y_firmware:2.5.1.106
-
cpe:2.3:o:netgear:rbs50y_firmware:2.6.1.40
-
cpe:2.3:o:netgear:xr450_firmware:-
-
cpe:2.3:o:netgear:xr450_firmware:2.3.2.32
-
cpe:2.3:o:netgear:xr450_firmware:2.3.2.40
-
cpe:2.3:o:netgear:xr450_firmware:2.3.2.66
-
cpe:2.3:o:netgear:xr500_firmware:-
-
cpe:2.3:o:netgear:xr500_firmware:2.3.2.22
-
cpe:2.3:o:netgear:xr500_firmware:2.3.2.32
-
cpe:2.3:o:netgear:xr500_firmware:2.3.2.40
-
cpe:2.3:o:netgear:xr500_firmware:2.3.2.56
-
cpe:2.3:o:netgear:xr500_firmware:2.3.2.66
-
cpe:2.3:o:netgear:xr700_firmware:-
-
cpe:2.3:o:netgear:xr700_firmware:1.0.1.10
-
cpe:2.3:o:netgear:xr700_firmware:1.0.1.20
-
cpe:2.3:o:netgear:xr700_firmware:1.0.1.34
-
cpe:2.3:o:netgear:xr700_firmware:1.0.1.36