8.8
HIGH
CVE-2021-27251
NETGEAR Nighthawk R7800 Firmware Update Code Execution Vulnerability
Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308.

INFO

Published Date :

April 14, 2021, 4:15 p.m.

Last Modified :

Nov. 21, 2024, 5:57 a.m.

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

2.8
Public PoC/Exploit Available at Github

CVE-2021-27251 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2021-27251 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Netgear r7800_firmware
2 Netgear ex8000_firmware
3 Netgear r8900_firmware
4 Netgear r9000_firmware
5 Netgear xr500_firmware
6 Netgear d7800_firmware
7 Netgear rbk12_firmware
8 Netgear rbr10_firmware
9 Netgear rbs10_firmware
10 Netgear rbk20_firmware
11 Netgear rbr20_firmware
12 Netgear rbs20_firmware
13 Netgear rbk40_firmware
14 Netgear rbr40_firmware
15 Netgear rbs40_firmware
16 Netgear rbk50_firmware
17 Netgear rbr50_firmware
18 Netgear rbs50_firmware
19 Netgear xr450_firmware
20 Netgear xr700_firmware
21 Netgear ex6150_firmware
22 Netgear ex6100v2_firmware
23 Netgear ex6400_firmware
24 Netgear ex7300_firmware
25 Netgear ex6250_firmware
26 Netgear ex6400v2_firmware
27 Netgear ex6410_firmware
28 Netgear ex7300v2_firmware
29 Netgear ex7320_firmware
30 Netgear ex7700_firmware
31 Netgear rbs50y_firmware
32 Netgear br200_firmware
33 Netgear br500_firmware
34 Netgear ex6420_firmware
35 Netgear lbr20_firmware
36 Netgear rbk13_firmware
37 Netgear rbk14_firmware
38 Netgear rbk15_firmware
39 Netgear rbk23_firmware
40 Netgear rbk43_firmware
41 Netgear rbk43s_firmware
42 Netgear rbk44_firmware
43 Netgear rbk53_firmware
44 Netgear d7800
45 Netgear ex6100
46 Netgear r9000
47 Netgear r8900
48 Netgear r7800
49 Netgear xr500
50 Netgear xr700
51 Netgear rbr20
52 Netgear rbs20
53 Netgear rbk20
54 Netgear rbr40
55 Netgear rbs40
56 Netgear rbk40
57 Netgear rbr50
58 Netgear rbs50
59 Netgear rbk50
60 Netgear ex6150
61 Netgear ex6400
62 Netgear ex7300
63 Netgear ex8000
64 Netgear xr450
65 Netgear rbs50y
66 Netgear ex7700
67 Netgear rbk12
68 Netgear rbr10
69 Netgear rbs10
70 Netgear ex6250
71 Netgear ex6410
72 Netgear ex7320
73 Netgear rbk13
74 Netgear rbk14
75 Netgear rbk15
76 Netgear rbk23
77 Netgear rbk43
78 Netgear rbk43s
79 Netgear rbk44
80 Netgear br200
81 Netgear br500
82 Netgear ex6420
83 Netgear lbr20
84 Netgear rbk53
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2021-27251.

URL Resource
https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders Patch Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-247/ Third Party Advisory VDB Entry
https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders Patch Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-247/ Third Party Advisory VDB Entry

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Repository that tracks public exploits, vulnerabilities and advisories that I [co-]discovered or [co-]authored.

Ruby Shell Python

Updated: 2 weeks, 6 days ago
110 stars 20 fork 20 watcher
Born at : April 8, 2020, 6:11 p.m. This repo has been linked 32 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2021-27251 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2021-27251 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders
    Added Reference https://www.zerodayinitiative.com/advisories/ZDI-21-247/
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Apr. 27, 2021

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:A/AC:L/Au:N/C:C/I:C/A:C)
    Added CVSS V3.1 NIST AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders No Types Assigned https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders Patch, Vendor Advisory
    Changed Reference Type https://www.zerodayinitiative.com/advisories/ZDI-21-247/ No Types Assigned https://www.zerodayinitiative.com/advisories/ZDI-21-247/ Third Party Advisory, VDB Entry
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:br200_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.10.0.5 OR cpe:2.3:h:netgear:br200:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:br500_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.10.0.5 OR cpe:2.3:h:netgear:br500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.1.60 OR cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.1.98 OR cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.1.98 OR cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:ex6250_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.0.134 OR cpe:2.3:h:netgear:ex6250:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:ex6400_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.2.158 OR cpe:2.3:h:netgear:ex6400:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:ex6400v2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.0.134 OR cpe:2.3:h:netgear:ex6400:v2:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:ex6410_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.0.134 OR cpe:2.3:h:netgear:ex6410:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:ex6420_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.0.134 OR cpe:2.3:h:netgear:ex6420:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:ex7300_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.2.158 OR cpe:2.3:h:netgear:ex7300:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:ex7300v2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.0.134 OR cpe:2.3:h:netgear:ex7300:v2:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:ex7320_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.0.134 OR cpe:2.3:h:netgear:ex7320:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:ex7700_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.0.216 OR cpe:2.3:h:netgear:ex7700:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.1.232 OR cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.6.3.50 OR cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.2.80 OR cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.5.28 OR cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.5.28 OR cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.7.2.104 OR cpe:2.3:h:netgear:rbk12:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:rbk13_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.7.2.104 OR cpe:2.3:h:netgear:rbk13:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:rbk14_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.7.2.104 OR cpe:2.3:h:netgear:rbk14:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:rbk15_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.7.2.104 OR cpe:2.3:h:netgear:rbk15:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.6.2.104 OR cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:rbk23_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.7.2.104 OR cpe:2.3:h:netgear:rbk23:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.6.2.104 OR cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:rbk43_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.6.2.104 OR cpe:2.3:h:netgear:rbk43:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:rbk43s_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.6.2.104 OR cpe:2.3:h:netgear:rbk43s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:rbk44_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.6.2.104 OR cpe:2.3:h:netgear:rbk44:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.7.2.104 OR cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:rbk53_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.7.2.104 OR cpe:2.3:h:netgear:rbk53:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.6.2.104 OR cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.6.2.104 OR cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.6.2.104 OR cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.7.2.104 OR cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.6.2.104 OR cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.6.2.104 OR cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.6.2.104 OR cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.7.2.104 OR cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:rbs50y_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.6.2.104 OR cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.3.2.114 OR cpe:2.3:h:netgear:xr450:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.3.2.114 OR cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.1.38 OR cpe:2.3:h:netgear:xr700:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2021-27251 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.19 }} 0.05%

score

0.56278

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability