Details of VAR-202109-1063

ID

VAR-202109-1063

CVE

CVE-2021-40847

TITLE

NETGEAR code injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-83558 // CNNVD: CNNVD-202109-1539

DESCRIPTION

The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls themselves are not enabled by default on the routers, the Circle update daemon, circled, is enabled by default. This daemon connects to Circle and NETGEAR to obtain version information and updates to the circled daemon and its filtering database. However, database updates from NETGEAR are unsigned and downloaded via cleartext HTTP. As such, an attacker with the ability to perform a MitM attack on the device can respond to circled update requests with a crafted, compressed database file, the extraction of which gives the attacker the ability to overwrite executable files with attacker-controlled code. This affects R6400v2 1.0.4.106, R6700 1.0.2.16, R6700v3 1.0.4.106, R6900 1.0.2.16, R6900P 1.3.2.134, R7000 1.0.11.123, R7000P 1.3.2.134, R7850 1.0.5.68, R7900 1.0.4.38, R8000 1.0.4.68, and RS400 1.5.0.68. Netgear NETGEAR is a router from Netgear. A hardware device that connects two or more networks and acts as a gateway between networks. NETGEAR routers has security vulnerabilities. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.07

sources: NVD: CVE-2021-40847 // CNVD: CNVD-2021-83558 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-40847

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-83558

AFFECTED PRODUCTS

vendor:	netgear	model:	r6400v2	scope:	eq	version:	1.0.4.106	Trust: 1.6
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.2.16	Trust: 1.6
vendor:	netgear	model:	r6700v3	scope:	eq	version:	1.0.4.106	Trust: 1.6
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.2.16	Trust: 1.6
vendor:	netgear	model:	r6900p	scope:	eq	version:	1.3.2.134	Trust: 1.6
vendor:	netgear	model:	r7000	scope:	eq	version:	1.0.11.123	Trust: 1.6
vendor:	netgear	model:	r7000p	scope:	eq	version:	1.3.2.134	Trust: 1.6
vendor:	netgear	model:	r7850	scope:	eq	version:	1.0.5.68	Trust: 1.6
vendor:	netgear	model:	r7900	scope:	eq	version:	1.0.4.38	Trust: 1.6
vendor:	netgear	model:	r8000	scope:	eq	version:	1.0.4.68	Trust: 1.6
vendor:	netgear	model:	rs400	scope:	eq	version:	1.5.0.68	Trust: 1.6

sources: CNVD: CNVD-2021-83558 // NVD: CVE-2021-40847

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-40847
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2021-83558
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202109-1539
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-40847
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2021-83558
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULMON:	CVE-2021-40847
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-83558 // VULMON: CVE-2021-40847 // NVD: CVE-2021-40847 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1539

PROBLEMTYPE DATA

problemtype:

CWE-319

Trust: 1.0

sources: NVD: CVE-2021-40847

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-1539

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: NVD: CVE-2021-40847

PATCH

title:	Patch for NETGEAR code injection vulnerability	url:	https://www.cnvd.org.cn/patchinfo/show/296256	Trust: 0.6
title:	NETGEAR Fixes for code injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=163585	Trust: 0.6
title:	-	url:	https://github.com/mehedi-babu/bug_bounty_begginer	Trust: 0.1
title:	bug-bounty-noob	url:	https://github.com/hetmehtaa/bug-bounty-noob	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/netgear-soho-security-bug-rce/174921/	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/netgear-fixes-dangerous-code-execution-bug-in-multiple-routers/	Trust: 0.1

sources: CNVD: CNVD-2021-83558 // VULMON: CVE-2021-40847 // CNNVD: CNNVD-202109-1539

EXTERNAL IDS

db:	NVD	id:	CVE-2021-40847	Trust: 2.3
db:	CNVD	id:	CNVD-2021-83558	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021092208	Trust: 0.6
db:	CNNVD	id:	CNNVD-202109-1539	Trust: 0.6
db:	VULMON	id:	CVE-2021-40847	Trust: 0.1

sources: CNVD: CNVD-2021-83558 // VULMON: CVE-2021-40847 // NVD: CVE-2021-40847 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1539

REFERENCES

url:	https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html	Trust: 1.7
url:	https://kb.netgear.com/000064039/security-advisory-for-remote-code-execution-on-some-routers-psv-2021-0204	Trust: 1.7
url:	https://securityaffairs.co/wordpress/122486/hacking/cve-2021-40847-netgear-soho-routers.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40847-netgear-soho-routers	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092208	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-40847	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/319.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/netgear-soho-security-bug-rce/174921/	Trust: 0.1

sources: CNVD: CNVD-2021-83558 // VULMON: CVE-2021-40847 // NVD: CVE-2021-40847 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1539

SOURCES

db:	CNVD	id:	CNVD-2021-83558
db:	VULMON	id:	CVE-2021-40847
db:	NVD	id:	CVE-2021-40847
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202109-1539

LAST UPDATE DATE

2023-12-18T11:21:50.365000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-83558	date:	2021-11-04T00:00:00
db:	VULMON	id:	CVE-2021-40847	date:	2021-10-07T00:00:00
db:	NVD	id:	CVE-2021-40847	date:	2021-10-07T19:23:47.950
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202109-1539	date:	2021-10-09T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-83558	date:	2021-09-24T00:00:00
db:	VULMON	id:	CVE-2021-40847	date:	2021-09-21T00:00:00
db:	NVD	id:	CVE-2021-40847	date:	2021-09-21T18:15:07.377
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202109-1539	date:	2021-09-21T00:00:00