CVE-2021-27254

CVSS V2 High 8.3 CVSS V3 High 8.8
Description
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.
Overview
  • CVE ID
  • CVE-2021-27254
  • Assigner
  • zdi-disclosures@trendmicro.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2021-03-05T20:15:12
  • Last Modified Date
  • 2022-04-25T17:48:00
Weakness Enumerations
CWE URL
CWE-798 http://cwe.mitre.org/data/definitions/798.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:* 1 OR 5.10.0.5
cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:* 1 OR 5.10.0.5
cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.1.60
cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.1.98
cpe:2.3:h:netgear:ex6100v2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.1.98
cpe:2.3:h:netgear:ex6150v2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.0.134
cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.2.158
cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.0.134
cpe:2.3:h:netgear:ex6400v2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.0.134
cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.0.134
cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.2.158
cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.0.134
cpe:2.3:h:netgear:ex7300v2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.0.134
cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.0.216
cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.1.232
cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:* 1 OR 2.6.3.50
cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.2.80
cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.5.28
cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.5.28
cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:* 1 OR 2.7.2.104
cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:* 1 OR 2.7.2.104
cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:* 1 OR 2.7.2.104
cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:* 1 OR 2.7.2.104
cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:* 1 OR 2.6.2.104
cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:* 1 OR 2.7.2.104
cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:* 1 OR 2.6.2.104
cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:* 1 OR 2.6.2.104
cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:* 1 OR 2.6.2.104
cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:* 1 OR 2.6.2.104
cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:* 1 OR 2.7.2.104
cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:* 1 OR 2.7.2.104
cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:* 1 OR 2.6.2.104
cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:* 1 OR 2.6.2.104
cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:* 1 OR 2.6.2.104
cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:* 1 OR 2.7.2.104
cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:* 1 OR 2.6.2.104
cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:* 1 OR 2.6.2.104
cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:* 1 OR 2.6.2.104
cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:* 1 OR 2.7.2.104
cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:* 1 OR 2.6.2.104
cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:* 1 OR 2.3.2.114
cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:* 1 OR 2.3.2.114
cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.1.38
cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:A/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector
  • ADJACENT_NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 8.3
  • Severity
  • HIGH
  • Exploitability Score
  • 6.5
  • Impact Score
  • 10
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • ADJACENT_NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 8.8
  • Base Severity
  • HIGH
  • Exploitability Score
  • 2.8
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://www.zerodayinitiative.com/advisories/ZDI-21-252/ Third Party Advisory VDB Entry
https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders Patch Vendor Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2021-27254
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27254
History
Created Old Value New Value Data Type Notes
2022-05-10 06:26:50 Added to TrackCVE
2022-12-05 23:13:55 2021-03-05T20:15Z 2021-03-05T20:15:12 CVE Published Date updated
2022-12-05 23:13:55 2022-04-25T17:48:00 CVE Modified Date updated
2022-12-05 23:13:55 Analyzed Vulnerability Status updated