Vulnerability Details : CVE-2021-31802
Public exploit exists!
NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a \n before the Content-Length header.
Vulnerability category: Overflow, Memory Corruption, Execute code
Products affected by CVE-2021-31802
- cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-31802
4.25%: Probability of exploitation activity in the next 30 days
~92%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2021-31802
- Netgear R7000 backup.cgi Heap Overflow RCE
  Disclosure Date: 2021-04-21
  First seen: 2022-12-23
  Module: auxiliary/admin/http/netgear_r7000_backup_cgi_heap_overflow_rce
  This module exploits a heap buffer overflow in the genie.cgi?backup.cgi page of Netgear R7000 routers running firmware version 1.0.11.116. Successful exploitation results in unauthenticated attackers gaining code execution as the root user. The exp
CVSS scores for CVE-2021-31802
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.3 | HIGH | AV:A/AC:L/Au:N/C:C/I:C/A:C | 6.5 | 10.0 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2021-31802
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-31802
- https://ssd-disclosure.com/ssd-advisory-netgear-nighthawk-r7000-httpd-preauth-rce/
  SSD Advisory – NETGEAR Nighthawk R7000 httpd PreAuth RCE - SSD Secure Disclosure (Exploit; Third Party Advisory)
- https://www.netgear.com/about/security/
  Security Advisory | About Us | NETGEAR (Vendor Advisory)