A Vulnerability in Multiple NETGEAR Products Could Allow for Arbitrary Code Execution
by CIRT Team
DESCRIPTION:
A vulnerability has been discovered in multiple NETGEAR products, which
could allow for arbitrary code execution. Successful exploitation of
this vulnerability could allow for arbitrary code execution in the
context of the root user. An attacker could then install programs; view,
change, or delete data; or create new accounts with full user rights.
IMPACT:
RIMM researchers are reported to have an exploit capable of
compromising fully patched devices that are running the default
configuration.
SYSTEM AFFECTED:
* NetGear AirCards prior to firmware version 1.0.0.62
* NetGear Cable Modems prior to firmware version 2.1.3.5
* NetGear DSL Modem Routers D7000v2 and D6220 prior to firmware version
1.0.0.76
* NetGear DSL Modem Routers D6400 prior to firmware version 1.0.0.108
* NetGear DSL Modem Routers D6400 prior to firmware version 1.0.0.126
* NetGear Extenders EX3700 and EX3800 prior to firmware version 1.0.0.94
* NetGear Extenders EX6120 and EX6130 prior to firmware version 1.0.0.66
* NetGear Routers See NetGear release under references for full list of
patched firmware versions.
RECOMMENDATIONS:
A vulnerability has been discovered in multiple NETGEAR products, which
could allow for arbitrary code execution. The specific flaw exists
within the UPnP service, which listens on TCP port 5000 by default. When
parsing the uuid request header, the process does not properly validate
the length of user-supplied data prior to copying it to a fixed-length
stack-based buffer.
Successful exploitation of this vulnerability could allow for arbitrary
code execution in the context of the root user. An attacker could then
install programs; view, change, or delete data; or create new accounts
with full user rights.
REFERENCES:
https://kb.netgear.com/000064361/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0168
https://github.com/grimm-co/NotQuite0DayFriday/tree/trunk/2021.11.16-netgear-upnp
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34991
Published: 10 January 2022, 17:26:29 BST
Recommended Posts
Cyber Threat Alert: Surge in Attacks via Compromised Third-Party Service Providers
08 Feb 2024 - Articles, English articles, Security Advisories & Alerts
Subscribe here
MEMBER OF:
