NETGEAR R7000 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a n before the Content-Length header.

CWE: CWE-787

CVSS 2: HIGH – 8.3 (Version: 2.0)
CVSS 3: HIGH – 8.8 (Version: 3.1)


NVD – CVE-2021-31802
CVE – CVE-2021-31802

Link (max. 20) Quelle Tags MISC Exploit Third Party Advisory MISC Vendor Advisory Patch Third Party Advisory Vendor Advisory MISC Exploit Patch Third Party Advisory
GLSA-202104-08 GENTOO Third Party Advisory
FEDORA-2021-c3754414e7 FEDORA
FEDORA-2021-ff893e12c5 FEDORA

Quelle: NVD – CVE-2021-31802
Datum Veröffentlichung: 2021-04-26T13:15Z, Datum letzte Änderung: 2021-05-06T20:38Z