CVE-2021-27254: (Pwn2Own) NETGEAR Nighthawk R7800 Use of Hard-coded Password Authentication Bypass Vulnerability
First published: Fri Mar 05 2021(Updated: )
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root.
Credit: zdi-disclosures@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NETGEAR R7800 | <5.10.0.5 | |
| Netgear Br200 | ||
| NETGEAR R7800 | <5.10.0.5 | |
| Netgear Br500 | ||
| Netgear D7800 Firmware | <1.0.1.60 | |
| Netgear D7800 | ||
| Netgear Ex6100v2 Firmware | <1.0.1.98 | |
| Netgear Ex6100v2 | ||
| Netgear Ex6150v2 Firmware | <1.0.1.98 | |
| Netgear Ex6150v2 | ||
| Netgear Ex6250 Firmware | <1.0.0.134 | |
| Netgear Ex6250 | ||
| Netgear Ex6400 Firmware | <1.0.2.158 | |
| Netgear Ex6400 | ||
| Netgear Ex6400v2 Firmware | <1.0.0.134 | |
| Netgear Ex6400v2 | ||
| Netgear Ex6410 Firmware | <1.0.0.134 | |
| Netgear Ex6410 | ||
| Netgear Ex6420 Firmware | <1.0.0.134 | |
| Netgear Ex6420 | ||
| Netgear Ex7300 Firmware | <1.0.2.158 | |
| Netgear Ex7300 | ||
| Netgear Ex7300v2 Firmware | <1.0.0.134 | |
| Netgear Ex7300v2 | ||
| Netgear Ex7320 Firmware | <1.0.0.134 | |
| Netgear Ex7320 | ||
| Netgear Ex7700 Firmware | <1.0.0.216 | |
| NETGEAR EX7700 | ||
| NETGEAR R7800 | <1.0.1.232 | |
| Netgear Ex8000 | ||
| Netgear Lbr20 Firmware | <2.6.3.50 | |
| Netgear Lbr20 | ||
| NETGEAR R7800 firmware | <1.0.2.80 | |
| NETGEAR R7800 | ||
| Netgear R8900 Firmware | <1.0.5.28 | |
| NETGEAR R8900 | ||
| Netgear R9000 Firmware | <1.0.5.28 | |
| NETGEAR R9000 | ||
| Netgear Rbk12 Firmware | <2.7.2.104 | |
| Netgear Rbk12 | ||
| Netgear Rbk13 Firmware | <2.7.2.104 | |
| Netgear Rbk13 | ||
| NETGEAR R7800 | <2.7.2.104 | |
| NETGEAR R7800 | ||
| NETGEAR R7800 | <2.7.2.104 | |
| Netgear Rbk15 | ||
| Netgear Rbk20 Firmware | <2.6.2.104 | |
| Netgear Rbk20 | ||
| Netgear Rbk23 Firmware | <2.7.2.104 | |
| Netgear Rbk23 | ||
| Netgear Rbk40 Firmware | <2.6.2.104 | |
| Netgear Rbk40 | ||
| NETGEAR R7800 | <2.6.2.104 | |
| NETGEAR R7800 | ||
| Netgear Rbk43s Firmware | <2.6.2.104 | |
| NETGEAR R7800 | ||
| Netgear Rbk44 Firmware | <2.6.2.104 | |
| NETGEAR R7800 | ||
| Netgear Rbk50 Firmware | <2.7.2.104 | |
| Netgear Rbk50 | ||
| NETGEAR R7800 | <2.7.2.104 | |
| Netgear Rbk53 | ||
| Netgear Rbr10 Firmware | <2.6.2.104 | |
| Netgear Rbr10 | ||
| Netgear Rbr20 Firmware | <2.6.2.104 | |
| Netgear Rbr20 | ||
| Netgear Rbr40 Firmware | <2.6.2.104 | |
| Netgear Rbr40 | ||
| Netgear Rbr50 Firmware | <2.7.2.104 | |
| Netgear Rbr50 | ||
| Netgear Rbs10 Firmware | <2.6.2.104 | |
| Netgear Rbs10 | ||
| Netgear Rbs20 Firmware | <2.6.2.104 | |
| Netgear Rbs20 | ||
| Netgear Rbs40 Firmware | <2.6.2.104 | |
| Netgear Rbs40 | ||
| Netgear Rbs50 Firmware | <2.7.2.104 | |
| Netgear Rbs50 | ||
| Netgear Rbs50y Firmware | <2.6.2.104 | |
| Netgear Rbs50y | ||
| NETGEAR R7800 | <2.3.2.114 | |
| NETGEAR R7800 | ||
| Netgear Xr500 Firmware | <2.3.2.114 | |
| NETGEAR XR500 | ||
| Netgear Xr700 Firmware | <1.0.1.38 | |
| Netgear Xr700 | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/softwarecombine
- agent/tags
- agent/event
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-21-252
- alias/ZDI-CAN-12287
- alias/CVE-2021-27254
- agent/software-canonical-lookup
- vendor/netgear
- canonical/netgear r7800
- canonical/netgear br200
- canonical/netgear br500
- canonical/netgear d7800 firmware
- canonical/netgear d7800
- canonical/netgear ex6100v2 firmware
- canonical/netgear ex6100v2
- canonical/netgear ex6150v2 firmware
- canonical/netgear ex6150v2
- canonical/netgear ex6250 firmware
- canonical/netgear ex6250
- canonical/netgear ex6400 firmware
- canonical/netgear ex6400
- canonical/netgear ex6400v2 firmware
- canonical/netgear ex6400v2
- canonical/netgear ex6410 firmware
- canonical/netgear ex6410
- canonical/netgear ex6420 firmware
- canonical/netgear ex6420
- canonical/netgear ex7300 firmware
- canonical/netgear ex7300
- canonical/netgear ex7300v2 firmware
- canonical/netgear ex7300v2
- canonical/netgear ex7320 firmware
- canonical/netgear ex7320
- canonical/netgear ex7700 firmware
- canonical/netgear ex7700
- canonical/netgear ex8000
- canonical/netgear lbr20 firmware
- canonical/netgear lbr20
- canonical/netgear r7800 firmware
- canonical/netgear r8900 firmware
- canonical/netgear r8900
- canonical/netgear r9000 firmware
- canonical/netgear r9000
- canonical/netgear rbk12 firmware
- canonical/netgear rbk12
- canonical/netgear rbk13 firmware
- canonical/netgear rbk13
- canonical/netgear rbk15
- canonical/netgear rbk20 firmware
- canonical/netgear rbk20
- canonical/netgear rbk23 firmware
- canonical/netgear rbk23
- canonical/netgear rbk40 firmware
- canonical/netgear rbk40
- canonical/netgear rbk43s firmware
- canonical/netgear rbk44 firmware
- canonical/netgear rbk50 firmware
- canonical/netgear rbk50
- canonical/netgear rbk53
- canonical/netgear rbr10 firmware
- canonical/netgear rbr10
- canonical/netgear rbr20 firmware
- canonical/netgear rbr20
- canonical/netgear rbr40 firmware
- canonical/netgear rbr40
- canonical/netgear rbr50 firmware
- canonical/netgear rbr50
- canonical/netgear rbs10 firmware
- canonical/netgear rbs10
- canonical/netgear rbs20 firmware
- canonical/netgear rbs20
- canonical/netgear rbs40 firmware
- canonical/netgear rbs40
- canonical/netgear rbs50 firmware
- canonical/netgear rbs50
- canonical/netgear rbs50y firmware
- canonical/netgear rbs50y
- canonical/netgear xr500 firmware
- canonical/netgear xr500
- canonical/netgear xr700 firmware
- canonical/netgear xr700