This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.01148.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
NETGEAR Multiple Routers affected
Version Status Constraints
1.2.0.76_1.0.1 affected

Configuration 1 [-]

AND
cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:netgear:d7000v1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d7000v1:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:netgear:r6700v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6700v2:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:netgear:r6900v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6900v2:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Netgear Subscribe
Ac2100 Subscribe
Ac2100 Firmware Subscribe
Ac2400 Subscribe
Ac2400 Firmware Subscribe
Ac2600 Subscribe
Ac2600 Firmware Subscribe
D7000v1 Subscribe
D7000v1 Firmware Subscribe
R6220 Subscribe
R6220 Firmware Subscribe
R6230 Subscribe
R6230 Firmware Subscribe
R6260 Subscribe
R6260 Firmware Subscribe
R6330 Subscribe
R6330 Firmware Subscribe
R6350 Subscribe
R6350 Firmware Subscribe
R6700v2 Subscribe
R6700v2 Firmware Subscribe
R6800 Subscribe
R6800 Firmware Subscribe
R6850 Subscribe
R6850 Firmware Subscribe
R6900v2 Subscribe
R6900v2 Firmware Subscribe
R7200 Subscribe
R7200 Firmware Subscribe
R7350 Subscribe
R7350 Firmware Subscribe
R7400 Subscribe
R7400 Firmware Subscribe
R7450 Subscribe
R7450 Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2021-21512 This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://kb.netgear.com/000063955/Security-Advisory-for-Authentication-Bypass-Vulnerability-on-Some-Routers-PSV-2021-0083?article=000063955 cve-icon cve-icon
https://www.zerodayinitiative.com/advisories/ZDI-21-1051/ cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2024-08-04T00:26:54.213Z

Reserved: 2021-06-17T00:00:00

Link: CVE-2021-34865

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-01-25T16:15:08.383

Modified: 2024-11-21T06:11:22.170

Link: CVE-2021-34865

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses