CVE-2021-34991 - Netgear Rax200 Firmware, Netgear Rax15 Firmware and Netgear Rax38v2 Firmware
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. This issue was previously tracked as ZDI-CAN-14110.
Affected software
Netgear Rax200 Firmware
Netgear Rax15 Firmware
Netgear Rax38v2 Firmware
Netgear Raxe450 Firmware
Netgear D6400 Firmware
Netgear R7100lg Firmware
Netgear Xr300 Firmware
Netgear Rax50s Firmware
Netgear R7000 Firmware
Netgear Rax45 Firmware
Netgear R6900p Firmware
Netgear Rax50 Firmware
Netgear Rax20 Firmware
Netgear R6400 Firmware
Netgear R8500 Firmware
Netgear R8000 Firmware
Netgear Rax35v2 Firmware
Netgear R8000p Firmware
Netgear Raxe500 Firmware
Netgear Wndr3400v3 Firmware
Netgear Rax48 Firmware
Netgear Rax75 Firmware
Netgear D7000v2 Firmware
Netgear R7960p Firmware
Netgear R6400v2 Firmware
Netgear R6700v3 Firmware
Netgear Rax80 Firmware
Netgear Dc112a Firmware
Netgear Rax43 Firmware
Netgear Dgn2200v4 Firmware
Netgear Ex6130 Firmware
Netgear D6220 Firmware
Netgear R8300 Firmware
Netgear Rs400 Firmware
Netgear Rax40v2 Firmware
Netgear Wnr3500lv2 Firmware
Netgear Cax80 Firmware
Netgear Ex3700 Firmware
Netgear Ex3800 Firmware
Netgear Ex6120 Firmware
Netgear R7850 Firmware
Netgear R7000p Firmware
Netgear R7900p Firmware
Netgear Rax42 Firmware