Details of VAR-202110-1806

ID

VAR-202110-1806

CVE

CVE-2021-34982

TITLE

Out-of-bounds write vulnerability in multiple Netgear products

Trust: 0.8

sources: JVNDB: JVNDB-2021-021931

DESCRIPTION

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13709. DC112A firmware, EX3700 firmware, EX3800 Multiple Netgear products, including firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 2.25

sources: NVD: CVE-2021-34982 // JVNDB: JVNDB-2021-021931 // ZDI: ZDI-21-1274

AFFECTED PRODUCTS

vendor:	netgear	model:	rax35v2	scope:	lt	version:	1.0.4.100	Trust: 1.0
vendor:	netgear	model:	r7960p	scope:	lt	version:	1.4.2.84	Trust: 1.0
vendor:	netgear	model:	ex3800	scope:	lt	version:	1.0.0.94	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.1.76	Trust: 1.0
vendor:	netgear	model:	r7100lg	scope:	lt	version:	1.0.0.72	Trust: 1.0
vendor:	netgear	model:	v6510-1fxaus	scope:	lt	version:	1.0.0.80	Trust: 1.0
vendor:	netgear	model:	rax80	scope:	lt	version:	1.0.5.132	Trust: 1.0
vendor:	netgear	model:	xr300	scope:	lt	version:	1.0.3.68	Trust: 1.0
vendor:	netgear	model:	raxe500	scope:	lt	version:	1.0.8.70	Trust: 1.0
vendor:	netgear	model:	ex3700	scope:	lt	version:	1.0.0.94	Trust: 1.0
vendor:	netgear	model:	rs400	scope:	lt	version:	1.5.1.80	Trust: 1.0
vendor:	netgear	model:	r6700v3	scope:	lt	version:	1.0.4.120	Trust: 1.0
vendor:	netgear	model:	wndr3400v3	scope:	lt	version:	1.0.1.42	Trust: 1.0
vendor:	netgear	model:	d6400	scope:	lt	version:	1.0.0.108	Trust: 1.0
vendor:	netgear	model:	rax38v2	scope:	lt	version:	1.0.4.100	Trust: 1.0
vendor:	netgear	model:	r8000p	scope:	lt	version:	1.4.2.84	Trust: 1.0
vendor:	netgear	model:	r6400v2	scope:	lt	version:	1.0.4.120	Trust: 1.0
vendor:	netgear	model:	d6220	scope:	lt	version:	1.0.0.76	Trust: 1.0
vendor:	netgear	model:	ms80	scope:	lt	version:	1.1.6.10	Trust: 1.0
vendor:	netgear	model:	rax48	scope:	lt	version:	1.0.4.100	Trust: 1.0
vendor:	netgear	model:	wnr3500lv2	scope:	lt	version:	1.2.0.70	Trust: 1.0
vendor:	netgear	model:	xr1000	scope:	lt	version:	1.0.0.64	Trust: 1.0
vendor:	netgear	model:	rax50	scope:	lt	version:	1.0.4.100	Trust: 1.0
vendor:	netgear	model:	r8500	scope:	lt	version:	1.0.2.156	Trust: 1.0
vendor:	netgear	model:	rax40v2	scope:	lt	version:	1.0.4.100	Trust: 1.0
vendor:	netgear	model:	dgn2200v4	scope:	lt	version:	1.0.0.126	Trust: 1.0
vendor:	netgear	model:	r8000	scope:	lt	version:	1.0.4.76	Trust: 1.0
vendor:	netgear	model:	r6900p	scope:	lt	version:	1.3.3.148	Trust: 1.0
vendor:	netgear	model:	dc112a	scope:	lt	version:	1.0.0.62	Trust: 1.0
vendor:	netgear	model:	mr60	scope:	lt	version:	1.1.6.122	Trust: 1.0
vendor:	netgear	model:	ex7500	scope:	lt	version:	1.0.1.76	Trust: 1.0
vendor:	netgear	model:	rax43	scope:	lt	version:	1.0.4.100	Trust: 1.0
vendor:	netgear	model:	ex7000	scope:	lt	version:	1.0.1.106	Trust: 1.0
vendor:	netgear	model:	rax15	scope:	lt	version:	1.0.4.100	Trust: 1.0
vendor:	netgear	model:	rax50s	scope:	lt	version:	1.0.4.100	Trust: 1.0
vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.11.128	Trust: 1.0
vendor:	netgear	model:	ms60	scope:	lt	version:	1.1.6.122	Trust: 1.0
vendor:	netgear	model:	ex6120	scope:	lt	version:	1.0.0.66	Trust: 1.0
vendor:	netgear	model:	r7900p	scope:	lt	version:	1.4.2.84	Trust: 1.0
vendor:	netgear	model:	rax45	scope:	lt	version:	1.0.4.100	Trust: 1.0
vendor:	netgear	model:	rax75	scope:	lt	version:	1.0.5.132	Trust: 1.0
vendor:	netgear	model:	lax20	scope:	lt	version:	1.1.6.30	Trust: 1.0
vendor:	netgear	model:	d7000v2	scope:	lt	version:	1.0.0.76	Trust: 1.0
vendor:	netgear	model:	rax42	scope:	lt	version:	1.0.4.100	Trust: 1.0
vendor:	netgear	model:	r7850	scope:	lt	version:	1.0.5.76	Trust: 1.0
vendor:	netgear	model:	raxe450	scope:	lt	version:	1.0.8.70	Trust: 1.0
vendor:	netgear	model:	ex6130	scope:	lt	version:	1.0.0.46	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.3.3.148	Trust: 1.0
vendor:	netgear	model:	rax20	scope:	lt	version:	1.0.4.100	Trust: 1.0
vendor:	netgear	model:	r8300	scope:	lt	version:	1.0.2.156	Trust: 1.0
vendor:	netgear	model:	mr80	scope:	lt	version:	1.1.6.10	Trust: 1.0
vendor:	netgear	model:	rax200	scope:	lt	version:	1.0.5.132	Trust: 1.0
vendor:	ネットギア	model:	mr80	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6130	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7850	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6900p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	dc112a	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6400v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	mr60	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex3800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6400	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ms60	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7100lg	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6700v3	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6120	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex7500	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ms80	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	lax20	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex7000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex3700	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7000p	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	multiple routers	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-21-1274 // JVNDB: JVNDB-2021-021931 // NVD: CVE-2021-34982

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com:	CVE-2021-34982
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2021-021931
value:	HIGH
Trust: 0.8
ZDI:	CVE-2021-34982
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-202110-2193
value:	HIGH
Trust: 0.6

zdi-disclosures@trendmicro.com:	CVE-2021-34982
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
OTHER:	JVNDB-2021-021931
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2021-34982
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-21-1274 // JVNDB: JVNDB-2021-021931 // CNNVD: CNNVD-202110-2193 // NVD: CVE-2021-34982

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-121	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-021931 // NVD: CVE-2021-34982

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-2193

PATCH

title:	NETGEAR has issued an update to correct this vulnerability.	url:	https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159	Trust: 0.7
title:	Netgear NETGEAR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=167952	Trust: 0.6

sources: ZDI: ZDI-21-1274 // CNNVD: CNNVD-202110-2193

EXTERNAL IDS

db:	NVD	id:	CVE-2021-34982	Trust: 3.9
db:	ZDI	id:	ZDI-21-1274	Trust: 3.1
db:	JVNDB	id:	JVNDB-2021-021931	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-13709	Trust: 0.7
db:	CNNVD	id:	CNNVD-202110-2193	Trust: 0.6

sources: ZDI: ZDI-21-1274 // JVNDB: JVNDB-2021-021931 // CNNVD: CNNVD-202110-2193 // NVD: CVE-2021-34982

REFERENCES

url:	https://kb.netgear.com/000064313/security-advisory-for-pre-authentication-buffer-overflow-on-some-extenders-routers-and-dsl-modem-routers-psv-2021-0159	Trust: 2.5
url:	https://www.zerodayinitiative.com/advisories/zdi-21-1274/	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34982	Trust: 0.8

sources: ZDI: ZDI-21-1274 // JVNDB: JVNDB-2021-021931 // CNNVD: CNNVD-202110-2193 // NVD: CVE-2021-34982

CREDITS

Sungur Labs

Trust: 1.3

sources: ZDI: ZDI-21-1274 // CNNVD: CNNVD-202110-2193

SOURCES

db:	ZDI	id:	ZDI-21-1274
db:	JVNDB	id:	JVNDB-2021-021931
db:	CNNVD	id:	CNNVD-202110-2193
db:	NVD	id:	CVE-2021-34982

LAST UPDATE DATE

2025-08-16T23:08:29.384000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-21-1274	date:	2021-10-29T00:00:00
db:	JVNDB	id:	JVNDB-2021-021931	date:	2025-08-15T07:39:00
db:	CNNVD	id:	CNNVD-202110-2193	date:	2021-11-01T00:00:00
db:	NVD	id:	CVE-2021-34982	date:	2025-08-14T01:41:19.343

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-21-1274	date:	2021-10-29T00:00:00
db:	JVNDB	id:	JVNDB-2021-021931	date:	2025-08-15T00:00:00
db:	CNNVD	id:	CNNVD-202110-2193	date:	2021-10-29T00:00:00
db:	NVD	id:	CVE-2021-34982	date:	2024-05-07T23:15:13.400