CVE-2021-34978: NETGEAR R6260 setupwizard.cgi Stack-based Buffer Overflow Remote Code Execution Vulnerability
First published: Thu Jan 13 2022(Updated: )
Credit: zdi-disclosures@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NETGEAR R6260 | ||
| Netgear R6260 Firmware | =1.1.0.78_1.0.1 | |
| NETGEAR R6260 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-34978?
CVE-2021-34978 is a vulnerability that allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 routers.
How severe is CVE-2021-34978?
CVE-2021-34978 has a severity score of 8.8, which is considered high.
How can an attacker exploit CVE-2021-34978?
An attacker can exploit CVE-2021-34978 by sending a crafted SOAP request to the setupwizard.cgi page.
Is authentication required to exploit CVE-2021-34978?
No, authentication is not required to exploit CVE-2021-34978.
Where can I find more information about CVE-2021-34978?
You can find more information about CVE-2021-34978 in the reference links provided: [link1](https://kb.netgear.com/000064258/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Routers-DSL-Modem-Routers-and-Access-Points-PSV-2021-0151-and-PSV-2021-0170?article=000064258) and [link2](https://www.zerodayinitiative.com/advisories/ZDI-21-1240/).
- collector/zdi-advisory
- alias/ZDI-21-1240
- alias/ZDI-CAN-13511
- alias/CVE-2021-34978
- collector/nvd-index
- vendor/netgear
- canonical/netgear r6260
- canonical/netgear r6260 firmware
- version/netgear r6260 firmware/1.1.0.78_1.0.1