Sign-up

ID

VAR-202109-1948


CVE

CVE-2021-34947


TITLE

Out-of-bounds write vulnerability in multiple Netgear products

Trust: 0.8

sources: JVNDB: JVNDB-2021-021936

DESCRIPTION

NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13055. D7800 firmware, EX2700 firmware, EX6100 Multiple Netgear products, including firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The NETGEAR R7800 is an AC2600 dual-band router released by NETGEAR. It supports simultaneous data transmission between multiple devices and achieves a maximum wireless transmission rate of 2.53 Gbps

Trust: 2.88

sources: NVD: CVE-2021-34947 // JVNDB: JVNDB-2021-021936 // ZDI: ZDI-21-1116 // CNVD: CNVD-2025-18550 // VULMON: CVE-2021-34947

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-18550

AFFECTED PRODUCTS

vendor:netgearmodel:r7800scope: - version: -

Trust: 1.3

vendor:netgearmodel:rbs50scope:ltversion:2.7.4.24

Trust: 1.0

vendor:netgearmodel:r7800scope:ltversion:1.0.2.84

Trust: 1.0

vendor:netgearmodel:lbr20scope:ltversion:2.6.5.32

Trust: 1.0

vendor:netgearmodel:rbr40scope:ltversion:2.7.4.24

Trust: 1.0

vendor:netgearmodel:ex6200scope:ltversion:1.0.1.86

Trust: 1.0

vendor:netgearmodel:wnr2000v5scope:ltversion:1.0.0.78

Trust: 1.0

vendor:netgearmodel:ex6150scope:ltversion:1.0.1.106

Trust: 1.0

vendor:netgearmodel:ex6400scope:ltversion:1.0.2.164

Trust: 1.0

vendor:netgearmodel:rbs10scope:ltversion:2.7.4.24

Trust: 1.0

vendor:netgearmodel:rbs40scope:ltversion:2.7.4.24

Trust: 1.0

vendor:netgearmodel:ex6420scope:ltversion:1.0.0.146

Trust: 1.0

vendor:netgearmodel:d7800scope:ltversion:1.0.1.64

Trust: 1.0

vendor:netgearmodel:rax78scope:ltversion:1.0.5.108

Trust: 1.0

vendor:netgearmodel:xr700scope:ltversion:1.0.1.44

Trust: 1.0

vendor:netgearmodel:ex7300scope:ltversion:1.0.2.164

Trust: 1.0

vendor:netgearmodel:rax70scope:ltversion:1.0.5.108

Trust: 1.0

vendor:netgearmodel:ex7700scope:ltversion:1.0.0.222

Trust: 1.0

vendor:netgearmodel:ex7320scope:ltversion:1.0.0.146

Trust: 1.0

vendor:netgearmodel:ex6400v2scope:ltversion:1.0.0.146

Trust: 1.0

vendor:netgearmodel:ex6410scope:ltversion:1.0.0.146

Trust: 1.0

vendor:netgearmodel:rbr10scope:ltversion:2.7.4.24

Trust: 1.0

vendor:netgearmodel:rax120scope:ltversion:1.2.2.24

Trust: 1.0

vendor:netgearmodel:r6700axscope:ltversion:1.0.5.108

Trust: 1.0

vendor:netgearmodel:rax10scope:ltversion:1.0.5.108

Trust: 1.0

vendor:netgearmodel:rbs20scope:ltversion:2.7.4.24

Trust: 1.0

vendor:netgearmodel:ex2700scope:ltversion:1.0.1.66

Trust: 1.0

vendor:netgearmodel:rax120v2scope:ltversion:1.2.2.24

Trust: 1.0

vendor:netgearmodel:r9000scope:ltversion:1.0.5.36

Trust: 1.0

vendor:netgearmodel:rbs50yscope:ltversion:2.7.4.12

Trust: 1.0

vendor:netgearmodel:ex6100scope:ltversion:1.0.1.106

Trust: 1.0

vendor:netgearmodel:rbr20scope:ltversion:2.7.4.24

Trust: 1.0

vendor:netgearmodel:ex7300v2scope:ltversion:1.0.0.146

Trust: 1.0

vendor:netgearmodel:ex8000scope:ltversion:1.0.1.238

Trust: 1.0

vendor:netgearmodel:xr450scope:ltversion:2.3.2.130

Trust: 1.0

vendor:netgearmodel:ex6250scope:ltversion:1.0.0.146

Trust: 1.0

vendor:netgearmodel:lbr1020scope:ltversion:2.6.5.32

Trust: 1.0

vendor:netgearmodel:rbr50scope:ltversion:2.7.4.24

Trust: 1.0

vendor:netgearmodel:xr500scope:ltversion:2.3.2.130

Trust: 1.0

vendor:netgearmodel:r8900scope:ltversion:1.0.5.36

Trust: 1.0

vendor:netgearmodel:ex6500v1scope:ltversion:1.0.0.146

Trust: 1.0

vendor:netgearmodel:wn3000rpv2scope:ltversion:1.0.0.88

Trust: 1.0

vendor:ネットギアmodel:ex6200scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:ex6100scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:ex6400scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:lbr20scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:ex7300scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r7800scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:ex6410scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:ex7320scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:ex8000scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:ex6150scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:ex2700scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:ex7700scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r6700axscope: - version: -

Trust: 0.8

vendor:ネットギアmodel:ex6400v2scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:lbr1020scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:ex7300v2scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:ex6420scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:ex6250scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:d7800scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:ex6500v1scope: - version: -

Trust: 0.8

sources: ZDI: ZDI-21-1116 // CNVD: CNVD-2025-18550 // JVNDB: JVNDB-2021-021936 // NVD: CVE-2021-34947

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2021-34947
value: HIGH

Trust: 1.0

OTHER: JVNDB-2021-021936
value: HIGH

Trust: 0.8

ZDI: CVE-2021-34947
value: HIGH

Trust: 0.7

CNVD: CNVD-2025-18550
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202109-1872
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-18550
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

zdi-disclosures@trendmicro.com: CVE-2021-34947
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

OTHER: JVNDB-2021-021936
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2021-34947
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-1116 // CNVD: CNVD-2025-18550 // JVNDB: JVNDB-2021-021936 // CNNVD: CNNVD-202109-1872 // NVD: CVE-2021-34947

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-021936 // NVD: CVE-2021-34947

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202109-1872

PATCH

title:NETGEAR has issued an update to correct this vulnerability.url:https://kb.netgear.com/000064044/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2021-0129

Trust: 0.7

title:Patch for NETGEAR R7800 Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/713061

Trust: 0.6

title:Netgear NETGEAR R7800 Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164868

Trust: 0.6

sources: ZDI: ZDI-21-1116 // CNVD: CNVD-2025-18550 // CNNVD: CNNVD-202109-1872

EXTERNAL IDS

db:NVDid:CVE-2021-34947

Trust: 4.6

db:ZDIid:ZDI-21-1116

Trust: 3.8

db:JVNDBid:JVNDB-2021-021936

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-13055

Trust: 0.7

db:CNVDid:CNVD-2025-18550

Trust: 0.6

db:CS-HELPid:SB2021100101

Trust: 0.6

db:CNNVDid:CNNVD-202109-1872

Trust: 0.6

db:VULMONid:CVE-2021-34947

Trust: 0.1

sources: ZDI: ZDI-21-1116 // CNVD: CNVD-2025-18550 // VULMON: CVE-2021-34947 // JVNDB: JVNDB-2021-021936 // CNNVD: CNNVD-202109-1872 // NVD: CVE-2021-34947

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-21-1116/

Trust: 3.1

url:https://kb.netgear.com/000064044/security-advisory-for-pre-authentication-buffer-overflow-on-some-routers-psv-2021-0129

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-34947

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021100101

Trust: 0.6

sources: ZDI: ZDI-21-1116 // CNVD: CNVD-2025-18550 // VULMON: CVE-2021-34947 // JVNDB: JVNDB-2021-021936 // CNNVD: CNNVD-202109-1872 // NVD: CVE-2021-34947

CREDITS

Hoang Thach Nguyen of STAR Labs

Trust: 1.3

sources: ZDI: ZDI-21-1116 // CNNVD: CNNVD-202109-1872

SOURCES

db:ZDIid:ZDI-21-1116
db:CNVDid:CNVD-2025-18550
db:VULMONid:CVE-2021-34947
db:JVNDBid:JVNDB-2021-021936
db:CNNVDid:CNNVD-202109-1872
db:NVDid:CVE-2021-34947

LAST UPDATE DATE

2025-08-26T23:37:01.238000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-1116date:2021-09-28T00:00:00
db:CNVDid:CNVD-2025-18550date:2025-08-15T00:00:00
db:JVNDBid:JVNDB-2021-021936date:2025-08-25T07:11:00
db:CNNVDid:CNNVD-202109-1872date:2021-10-08T00:00:00
db:NVDid:CVE-2021-34947date:2025-08-14T01:42:44.800

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-1116date:2021-09-28T00:00:00
db:CNVDid:CNVD-2025-18550date:2025-07-29T00:00:00
db:JVNDBid:JVNDB-2021-021936date:2025-08-25T00:00:00
db:CNNVDid:CNNVD-202109-1872date:2021-09-28T00:00:00
db:NVDid:CVE-2021-34947date:2024-05-07T23:15:07.653