CVE-2021-27254: (Pwn2Own) NETGEAR Nighthawk R7800 Use of Hard-coded Password Authentication Bypass Vulnerability
First published: Fri Mar 05 2021(Updated: )
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root.
Credit: zdi-disclosures@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NETGEAR R7800 | ||
| NETGEAR br200 | <5.10.0.5 | |
| NETGEAR BR200 Firmware | ||
| NETGEAR br500 firmware | <5.10.0.5 | |
| NETGEAR br500 firmware | ||
| NETGEAR D7800 | <1.0.1.60 | |
| NETGEAR D7800 Firmware | ||
| NETGEAR EX6100v2 firmware | <1.0.1.98 | |
| NETGEAR EX6100v2 firmware | ||
| NETGEAR EX6150v2 firmware | <1.0.1.98 | |
| NETGEAR EX6150v2 firmware | ||
| NETGEAR EX6250 | <1.0.0.134 | |
| NETGEAR EX6250 | ||
| NETGEAR EX6400 firmware | <1.0.2.158 | |
| NETGEAR EX6400v2 | ||
| NETGEAR EX6400v2 firmware | <1.0.0.134 | |
| NETGEAR EX6400v2 firmware | ||
| NETGEAR EX6410 | <1.0.0.134 | |
| NETGEAR EX6410 | ||
| NETGEAR EX6420 | <1.0.0.134 | |
| NETGEAR EX6420 | ||
| NETGEAR EX7300 | <1.0.2.158 | |
| NETGEAR EX7300v2 | ||
| NETGEAR EX7300v2 firmware | <1.0.0.134 | |
| NETGEAR EX7300v2 firmware | ||
| NETGEAR EX7320 | <1.0.0.134 | |
| NETGEAR EX7320 | ||
| NETGEAR EX7700 | <1.0.0.216 | |
| NETGEAR EX7700 | ||
| NETGEAR EX8000 | <1.0.1.232 | |
| NETGEAR EX8000 | ||
| NETGEAR LBR20 firmware | <2.6.3.50 | |
| NETGEAR LBR20 firmware | ||
| NETGEAR R7800 firmware | <1.0.2.80 | |
| NETGEAR R7800 | ||
| NETGEAR R8900 firmware | <1.0.5.28 | |
| NETGEAR R8900 | ||
| NETGEAR R9000 firmware | <1.0.5.28 | |
| NETGEAR R9000 firmware | ||
| NETGEAR RBK12 firmware | <2.7.2.104 | |
| NETGEAR RBK12 firmware | ||
| NETGEAR rbk13 firmware | <2.7.2.104 | |
| NETGEAR rbk13 firmware | ||
| NETGEAR rbk14 firmware | <2.7.2.104 | |
| NETGEAR rbk14 firmware | ||
| NETGEAR RBK15 Firmware | <2.7.2.104 | |
| NETGEAR RBK15 Firmware | ||
| NETGEAR RBK20 Router Firmware | <2.6.2.104 | |
| NETGEAR RBK20 firmware | ||
| NETGEAR RBK23 Satellite Firmware | <2.7.2.104 | |
| NETGEAR Orbi RBK23 | ||
| NETGEAR RBK40 | <2.6.2.104 | |
| NETGEAR RBK40 firmware | ||
| NETGEAR RBK43 | <2.6.2.104 | |
| NETGEAR RBK43 Router Firmware | ||
| NETGEAR RBK43S Router Firmware | <2.6.2.104 | |
| NETGEAR RBK43S Firmware | ||
| NETGEAR RBK44 Satellite Firmware | <2.6.2.104 | |
| NETGEAR RBK44 Satellite Firmware | ||
| NETGEAR RBK50 firmware | <2.7.2.104 | |
| NETGEAR RBK50 | ||
| NETGEAR RBK53 Firmware | <2.7.2.104 | |
| NETGEAR Orbi RBK53 | ||
| NETGEAR RBR10 firmware | <2.6.2.104 | |
| NETGEAR RBR10 firmware | ||
| NETGEAR RBR20 | <2.6.2.104 | |
| NETGEAR RBR20 | ||
| NETGEAR CBR40 firmware | <2.6.2.104 | |
| NETGEAR RBR40 firmware | ||
| NETGEAR RBR50 firmware | <2.7.2.104 | |
| NETGEAR RBR50 firmware | ||
| NETGEAR RBS10 | <2.6.2.104 | |
| NETGEAR RBS10 firmware | ||
| NETGEAR RBS20 firmware | <2.6.2.104 | |
| NETGEAR RBS20 firmware | ||
| NETGEAR RBS40 firmware | <2.6.2.104 | |
| NETGEAR RBS40 firmware | ||
| NETGEAR RBS50 firmware | <2.7.2.104 | |
| NETGEAR RBS50 | ||
| NETGEAR RBS50Y firmware | <2.6.2.104 | |
| NETGEAR RBS50Y firmware | ||
| NETGEAR XR450 firmware | <2.3.2.114 | |
| NETGEAR XR450 firmware | ||
| NETGEAR XR500 firmware | <2.3.2.114 | |
| NETGEAR XR500 firmware | ||
| NETGEAR XR700 | <1.0.1.38 | |
| NETGEAR XR700 firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-27254?
CVE-2021-27254 has been classified as critical due to its ability to allow unauthenticated remote access to the affected devices.
How do I fix CVE-2021-27254?
To mitigate CVE-2021-27254, users should immediately update their NETGEAR R7800 firmware to the latest version provided by NETGEAR.
Which devices are affected by CVE-2021-27254?
CVE-2021-27254 specifically affects the NETGEAR R7800 router, along with certain firmware versions of other NETGEAR devices.
What exploit can be performed using CVE-2021-27254?
CVE-2021-27254 allows attackers to bypass authentication and gain unauthorized access to configuration settings on NETGEAR R7800 devices.
Is authentication required to exploit CVE-2021-27254?
No, CVE-2021-27254 does not require any authentication, making it particularly dangerous for network-adjacent attackers.
- agent/weakness
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-21-252
- alias/ZDI-CAN-12287
- alias/CVE-2021-27254
- agent/software-canonical-lookup
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/netgear
- canonical/netgear r7800
- canonical/netgear br200
- canonical/netgear br200 firmware
- canonical/netgear br500 firmware
- canonical/netgear d7800
- canonical/netgear d7800 firmware
- canonical/netgear ex6100v2 firmware
- canonical/netgear ex6150v2 firmware
- canonical/netgear ex6250
- canonical/netgear ex6400 firmware
- canonical/netgear ex6400v2
- canonical/netgear ex6400v2 firmware
- canonical/netgear ex6410
- canonical/netgear ex6420
- canonical/netgear ex7300
- canonical/netgear ex7300v2
- canonical/netgear ex7300v2 firmware
- canonical/netgear ex7320
- canonical/netgear ex7700
- canonical/netgear ex8000
- canonical/netgear lbr20 firmware
- canonical/netgear r7800 firmware
- canonical/netgear r8900 firmware
- canonical/netgear r8900
- canonical/netgear r9000 firmware
- canonical/netgear rbk12 firmware
- canonical/netgear rbk13 firmware
- canonical/netgear rbk14 firmware
- canonical/netgear rbk15 firmware
- canonical/netgear rbk20 router firmware
- canonical/netgear rbk20 firmware
- canonical/netgear rbk23 satellite firmware
- canonical/netgear orbi rbk23
- canonical/netgear rbk40
- canonical/netgear rbk40 firmware
- canonical/netgear rbk43
- canonical/netgear rbk43 router firmware
- canonical/netgear rbk43s router firmware
- canonical/netgear rbk43s firmware
- canonical/netgear rbk44 satellite firmware
- canonical/netgear rbk50 firmware
- canonical/netgear rbk50
- canonical/netgear rbk53 firmware
- canonical/netgear orbi rbk53
- canonical/netgear rbr10 firmware
- canonical/netgear rbr20
- canonical/netgear cbr40 firmware
- canonical/netgear rbr40 firmware
- canonical/netgear rbr50 firmware
- canonical/netgear rbs10
- canonical/netgear rbs10 firmware
- canonical/netgear rbs20 firmware
- canonical/netgear rbs40 firmware
- canonical/netgear rbs50 firmware
- canonical/netgear rbs50
- canonical/netgear rbs50y firmware
- canonical/netgear xr450 firmware
- canonical/netgear xr500 firmware
- canonical/netgear xr700
- canonical/netgear xr700 firmware