CVE-2021-27239 - Netgear Rbs850 Firmware, Netgear R7000p Firmware and Netgear Rbs750 Firmware
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on UDP port 1900 by default. A crafted MX header field in an SSDP message can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11851.
Affected software
Netgear Rbs850 Firmware
Netgear R7000p Firmware
Netgear Rbs750 Firmware
Netgear Xr300 Firmware
Netgear D7000 Firmware
Netgear R6900p Firmware
Netgear R7900p Firmware
Netgear R7850 Firmware
Netgear Rbr750 Firmware
Netgear Rs400 Firmware
Netgear Rbr850 Firmware
Netgear Ex7500 Firmware
Netgear Rax75 Firmware
Netgear Rax200 Firmware
Netgear R8000p Firmware
Netgear D6400 Firmware
Netgear R7900 Firmware
Netgear R7000 Firmware
Netgear Ex7000 Firmware
Netgear R6700 Firmware
Netgear D8500 Firmware
Netgear Wndr3400 Firmware
Netgear R7100lg Firmware
Netgear R8300 Firmware
Netgear D6220 Firmware
Netgear Rax80 Firmware
Netgear R8500 Firmware
Netgear R8000 Firmware
Netgear Dc112a Firmware
Netgear R6300 Firmware
Netgear R6250 Firmware
Netgear R6400 Firmware
Netgear Wnr3500l Firmware
Netgear Rbs40v Firmware
Netgear R7960p Firmware