Share:

CVE-2021-34991

Critical 8.8

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110.

Published November 15, 2021.

Affected software

Netgear Rax200 Firmware

Netgear Rax15 Firmware

Netgear Rax38v2 Firmware

Netgear Raxe450 Firmware

Netgear D6400 Firmware

Netgear R7100lg Firmware

Netgear Xr300 Firmware

Netgear Rax50s Firmware

Netgear R7000 Firmware

Netgear Rax45 Firmware

Netgear R6900p Firmware

Netgear Rax50 Firmware

Netgear Rax20 Firmware

Netgear R6400 Firmware

Netgear R8500 Firmware

Netgear R8000 Firmware

Netgear Rax35v2 Firmware

Netgear R8000p Firmware

Netgear Raxe500 Firmware

Netgear Wndr3400v3 Firmware

Netgear Rax48 Firmware

Netgear Rax75 Firmware

Netgear D7000v2 Firmware

Netgear R7960p Firmware

Netgear R6400v2 Firmware

Netgear R6700v3 Firmware

Netgear Rax80 Firmware

Netgear Dc112a Firmware

Netgear Rax43 Firmware

Netgear Dgn2200v4 Firmware

Netgear Ex6130 Firmware

Netgear D6220 Firmware

Netgear R8300 Firmware

Netgear Rs400 Firmware

Netgear Rax40v2 Firmware

Netgear Wnr3500lv2 Firmware

Netgear Cax80 Firmware

Netgear Ex3700 Firmware

Netgear Ex3800 Firmware

Netgear Ex6120 Firmware

Netgear R7850 Firmware

Netgear R7000p Firmware

Netgear R7900p Firmware

Netgear Rax42 Firmware

Get alerts for Netgear Rax200 Firmware

Reference links